jaycee/SolidScan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
SolidScan/data/vuln-feeds/nvdcve-1.1-2003.json
J4YC33 50e6e83bda Initial Commit
2024-05-13 21:24:52 -06:00

170779 lines
5.7 MiB
Raw Blame History

{
"CVE_data_type" : "CVE",
"CVE_data_format" : "MITRE",
"CVE_data_version" : "4.0",
"CVE_data_numberOfCVEs" : "1550",
"CVE_data_timestamp" : "2021-07-23T07:02Z",
"CVE_Items" : [ {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0001",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a010603-1.txt",
"name" : "A010603-1",
"refsource" : "ATSTAKE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/412115",
"name" : "VU#412115",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0016.html",
"name" : "20030110 More information regarding Etherleak",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf",
"name" : "http://www.atstake.com/research/advisories/2003/atstake_etherleak_report.pdf",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-025.html",
"name" : "RHSA-2003:025",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-088.html",
"name" : "RHSA-2003:088",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/9962",
"name" : "9962",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7996",
"name" : "7996",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104222046632243&w=2",
"name" : "20030110 More information regarding Etherleak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id/1031583",
"name" : "1031583",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2665",
"name" : "oval:org.mitre.oval:def:2665",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id/1040185",
"name" : "1040185",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/307564/30/26270/threaded",
"name" : "20030117 Re: More information regarding Etherleak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305335/30/26420/threaded",
"name" : "20030106 Etherleak: Ethernet frame padding information leakage (A010603-1)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets, as demonstrated by Etherleak."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0002",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/10318.php",
"name" : "mcms-manuallogin-reasontxt-xss (10318)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/5922",
"name" : "5922",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=103417794800719&w=2",
"name" : "20021007 CSS on Microsoft Content Management Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-002",
"name" : "MS03-002",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:content_management_server:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:content_management_server:2001:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0003",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-03.html",
"name" : "CA-2003-03",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/610986",
"name" : "VU#610986",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6666",
"name" : "6666",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104394414713415&w=2",
"name" : "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)",
"refsource" : "BUGTRAQ",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104393588232166&w=2",
"name" : "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103",
"name" : "oval:org.mitre.oval:def:103",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11132",
"name" : "win-locator-bo(11132)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001",
"name" : "MS03-001",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_2000_terminal_services:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:-:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:-:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:-:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0004",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html",
"name" : "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6778",
"name" : "6778",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11260.php",
"name" : "winxp-windows-redirector-bo(11260)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104878038418534&w=2",
"name" : "20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-005",
"name" : "MS03-005",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0007",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6667",
"name" : "6667",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11133",
"name" : "outlook-v1-certificate-plaintext(11133)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003",
"name" : "MS03-003",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka \"Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0009",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6966",
"name" : "6966",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11425.php",
"name" : "winme-hsc-hcp-bo(11425)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-047.shtml",
"name" : "N-047",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/489721",
"name" : "VU#489721",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.osvdb.org/6074",
"name" : "6074",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104636383018686&w=2",
"name" : "20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-006",
"name" : "MS03-006",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0010",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7146",
"name" : "7146",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0139.html",
"name" : "20030319 Windows Scripting Engine issue",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=26",
"name" : "20030319 Heap Overflow in Windows Script Engine",
"refsource" : "IDEFENSE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104812108307645&w=2",
"name" : "20030319 iDEFENSE Security Advisory 03.19.03: Heap Overflow in Windows Script Engine",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A795",
"name" : "oval:org.mitre.oval:def:795",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A794",
"name" : "oval:org.mitre.oval:def:794",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A200",
"name" : "oval:org.mitre.oval:def:200",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A134",
"name" : "oval:org.mitre.oval:def:134",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-008",
"name" : "MS03-008",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0011",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7145",
"name" : "7145",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-009",
"name" : "MS03-009",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0012",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/10971.php",
"name" : "bugzilla-mining-world-writable(10971)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-230",
"name" : "DSA-230",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-012.html",
"name" : "RHSA-2003:012",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6502",
"name" : "6502",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104154319200399&w=2",
"name" : "20030102 [BUGZILLA] Security Advisory - remote database password disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0013",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-230",
"name" : "DSA-230",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6501",
"name" : "6501",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/10970.php",
"name" : "bugzilla-htaccess-database-password(10970)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/6351",
"name" : "6351",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104154319200399&w=2",
"name" : "20030102 [BUGZILLA] Security Advisory - remote database password disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0014",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog",
"name" : "http://packages.debian.org/changelogs/pool/main/b/bmv/bmv_1.2-14.2/changelog",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2005/dsa-633",
"name" : "DSA-633",
"refsource" : "DEBIAN",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityfocus.org/bid/12229",
"name" : "12229",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1012847",
"name" : "1012847",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/13793",
"name" : "13793",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/13796",
"name" : "13796",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18823",
"name" : "bmv-symlink(18823)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bmv:bmv:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-11T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0015",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-415"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://security.e-matters.de/advisories/012003.html",
"name" : "http://security.e-matters.de/advisories/012003.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2003-013.html",
"name" : "RHSA-2003:013",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/650937",
"name" : "VU#650937",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
"name" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html",
"name" : "20030120 Advisory 01/2003: CVS remote vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-02.html",
"name" : "CA-2003-02",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-233",
"name" : "DSA-233",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009",
"name" : "MDKSA-2003:009",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-012.html",
"name" : "RHSA-2003:012",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-032.shtml",
"name" : "N-032",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6650",
"name" : "6650",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104438807203491&w=2",
"name" : "FreeBSD-SA-03:01",
"refsource" : "FREEBSD",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104342550612736&w=2",
"name" : "20030124 Test program for CVS double-free.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104428571204468&w=2",
"name" : "20030202 Exploit for CVS double free() for Linux pserver",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104333092200589&w=2",
"name" : "20030122 [security@slackware.com: [slackware-security] New CVS packages available]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11108",
"name" : "cvs-doublefree-memory-corruption(11108)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0016",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.apacheweek.com/issues/03-01-24#security",
"name" : "http://www.apacheweek.com/issues/03-01-24#security",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/979793",
"name" : "VU#979793",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/825177",
"name" : "VU#825177",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6659",
"name" : "6659",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2",
"name" : "[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11125",
"name" : "apache-device-code-execution(11125)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11124",
"name" : "apache-device-name-dos(11124)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0017",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2",
"name" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as \">\", which causes a different filename to be processed and served."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0018",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-025.html",
"name" : "RHSA-2003:025",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11249.php",
"name" : "linux-odirect-information-leak(11249)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ",
"name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014",
"name" : "MDKSA-2003:014",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6763",
"name" : "6763",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2008-09-11T00:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0019",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-056.html",
"name" : "RHSA-2003:056",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11276.php",
"name" : "linux-umlnet-gain-privileges(11276)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/134025",
"name" : "VU#134025",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-044.shtml",
"name" : "N-044",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6801",
"name" : "6801",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2008-09-11T00:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0020",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9930",
"name" : "9930",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.iss.net/security_center/static/11412.php",
"name" : "apache-esc-seq-injection(11412)",
"refsource" : "XF",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml",
"name" : "GLSA-200405-22",
"refsource" : "GENTOO",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050",
"name" : "MDKSA-2003:050",
"refsource" : "MANDRAKE",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046",
"name" : "MDKSA-2004:046",
"refsource" : "MANDRAKE",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-082.html",
"name" : "RHSA-2003:082",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-083.html",
"name" : "RHSA-2003:083",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-104.html",
"name" : "RHSA-2003:104",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html",
"name" : "RHSA-2003:139",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-243.html",
"name" : "RHSA-2003:243",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-244.html",
"name" : "RHSA-2003:244",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643",
"name" : "SSA:2004-133",
"refsource" : "SLACKWARE",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1",
"name" : "57628",
"refsource" : "SUNALERT",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1",
"name" : "101555",
"refsource" : "SUNALERT",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.trustix.org/errata/2004/0017",
"name" : "2004-0017",
"refsource" : "TRUSTIX",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.trustix.org/errata/2004/0027",
"name" : "2004-0027",
"refsource" : "TRUSTIX",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108369640424244&w=2",
"name" : "APPLE-SA-2004-05-03",
"refsource" : "APPLE",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108731648532365&w=2",
"name" : "SSRT4717",
"refsource" : "HP",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2",
"name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114",
"name" : "oval:org.mitre.oval:def:4114",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150",
"name" : "oval:org.mitre.oval:def:150",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109",
"name" : "oval:org.mitre.oval:def:100109",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "1.3.0",
"versionEndExcluding" : "1.3.31",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "2.0.0",
"versionEndExcluding" : "2.0.49",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0021",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11413.php",
"name" : "terminal-emulator-screen-dump(11413)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040",
"name" : "MDKSA-2003:040",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6936",
"name" : "6936",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The \"screen dump\" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0022",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11413.php",
"name" : "terminal-emulator-screen-dump(11413)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034",
"name" : "MDKSA-2003:034",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html",
"name" : "RHSA-2003:054",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html",
"name" : "RHSA-2003:055",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6938",
"name" : "6938",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The \"screen dump\" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0023",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11416.php",
"name" : "terminal-emulator-menu-modification(11416)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034",
"name" : "MDKSA-2003:034",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html",
"name" : "RHSA-2003:055",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html",
"name" : "RHSA-2003:054",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6947",
"name" : "6947",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0024",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11416.php",
"name" : "terminal-emulator-menu-modification(11416)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6949",
"name" : "6949",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0025",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-229",
"name" : "DSA-229",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/306268",
"name" : "20030108 Re: IMP 2.x SQL injection vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6559",
"name" : "6559",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005904",
"name" : "1005904",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8087",
"name" : "8087",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8177",
"name" : "8177",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104204786206563&w=2",
"name" : "20030108 IMP 2.x SQL injection vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:imp:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0026",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-01.html",
"name" : "CA-2003-01",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/284857",
"name" : "VU#284857",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-011.html",
"name" : "RHSA-2003:011",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-231",
"name" : "DSA-231",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.html",
"name" : "20030122 [securityslackware.com: [slackware-security] New DHCP packages available]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-031.shtml",
"name" : "N-031",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562",
"name" : "CLA-2003:562",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:007",
"name" : "MDKSA-2003:007",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.html",
"name" : "OpenPKG-SA-2003.002",
"refsource" : "OPENPKG",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6627",
"name" : "6627",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005924",
"name" : "1005924",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.suse.com/de/security/2003_006_dhcp.html",
"name" : "SuSE-SA:2003:006",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11073",
"name" : "dhcpd-minires-multiple-bo(11073)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple stack-based buffer overflows in the error handling routines of the minires library, as used in the NSUPDATE capability for ISC DHCPD 3.0 through 3.0.1RC10, allow remote attackers to execute arbitrary code via a DHCP message containing a long hostname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0027",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.entercept.com/news/uspr/01-22-03.asp",
"name" : "http://www.entercept.com/news/uspr/01-22-03.asp",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/850785",
"name" : "VU#850785",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104",
"name" : "50104",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6665",
"name" : "6665",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104326556329850&w=2",
"name" : "20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592",
"name" : "oval:org.mitre.oval:def:2592",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195",
"name" : "oval:org.mitre.oval:def:195",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120",
"name" : "oval:org.mitre.oval:def:120",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11129",
"name" : "solaris-kcms-directory-traversal(11129)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0028",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.eeye.com/html/Research/Advisories/AD20030318.html",
"name" : "AD20030318",
"refsource" : "EEYE",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-10.html",
"name" : "CA-2003-10",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html",
"name" : "20030319 EEYE: XDR Integer Overflow",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/516825",
"name" : "VU#516825",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-282",
"name" : "DSA-282",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-089.html",
"name" : "RHSA-2003:089",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html",
"name" : "RHSA-2003:091",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html",
"name" : "ESA-20030321-010",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-266",
"name" : "DSA-266",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-272",
"name" : "DSA-272",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc",
"name" : "NetBSD-SA2003-008",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_027_glibc.html",
"name" : "SuSE-SA:2003:027",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037",
"name" : "MDKSA-2003:037",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104810574423662&w=2",
"name" : "20030319 EEYE: XDR Integer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104878237121402&w=2",
"name" : "2003-0014",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104860855114117&w=2",
"name" : "20030325 GLSA: glibc (200303-22)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105362148313082&w=2",
"name" : "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104811415301340&w=2",
"name" : "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://security.netapp.com/advisory/ntap-20150122-0002/",
"name" : "https://security.netapp.com/advisory/ntap-20150122-0002/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230",
"name" : "oval:org.mitre.oval:def:230",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded",
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316931/30/25250/threaded",
"name" : "20030331 GLSA: dietlibc (200303-29)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315638/30/25430/threaded",
"name" : "20030319 RE: EEYE: XDR Integer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.4a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.1.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.2b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openafs:openafs:1.2.2a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:9.0.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:9.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:6.0e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cray:unicos:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-25T05:00Z",
"lastModifiedDate" : "2020-01-21T15:45Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0030",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/247545",
"name" : "VU#247545",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7084",
"name" : "7084",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7085",
"name" : "7085",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7083",
"name" : "7083",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8294",
"name" : "8294",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104758650516677&w=2",
"name" : "20030313 Protegrity buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:protegrity:secure.data:2.2.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:protegrity:secure.data:2.2.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0031",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-228",
"name" : "DSA-228",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567",
"name" : "CLA-2003:567",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6510",
"name" : "6510",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006181",
"name" : "1006181",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104162752401212&w=2",
"name" : "20030103 Multiple libmcrypt vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104188513728573&w=2",
"name" : "20030105 GLSA: libmcrypt",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to cause a denial of service (crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.1_r4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0032",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-228",
"name" : "DSA-228",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10988.php",
"name" : "libmcrypt-libtool-memory-leak(10988)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567",
"name" : "CLA-2003:567",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6512",
"name" : "6512",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104162752401212&w=2",
"name" : "20030103 Multiple libmcrypt vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104188513728573&w=2",
"name" : "20030105 GLSA: libmcrypt",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.1_r4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcrypt:libmcrypt:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0033",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951",
"name" : "20030303 Snort RPC Preprocessing Vulnerability",
"refsource" : "ISS",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10956.php",
"name" : "snort-rpc-fragment-bo(10956)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6963",
"name" : "6963",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/916785",
"name" : "VU#916785",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-297",
"name" : "DSA-297",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html",
"name" : "ESA-20030307-007",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029",
"name" : "MDKSA-2003:029",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-13.html",
"name" : "CA-2003-13",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.osvdb.org/4418",
"name" : "4418",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105154530427824&w=2",
"name" : "GLSA-200304-06",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104673386226064&w=2",
"name" : "20030303 Snort RPC Vulnerability (fwd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104716001503409&w=2",
"name" : "GLSA-200303-6.1",
"refsource" : "GENTOO",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snort:snort:1.8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0034",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/01.21.03.txt",
"name" : "http://www.idefense.com/advisory/01.21.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html",
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010",
"name" : "MDKSA-2003:010",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6656",
"name" : "6656",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005959",
"name" : "1005959",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jean-jacques_sarton:mtink:0.9.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jean-jacques_sarton:mtink:0.9.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jean-jacques_sarton:mtink:0.9.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2008-09-11T00:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0035",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/01.21.03.txt",
"name" : "http://www.idefense.com/advisory/01.21.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html",
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010",
"name" : "MDKSA-2003:010",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6658",
"name" : "6658",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005959",
"name" : "1005959",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/307608/30/26270/threaded",
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in escputil, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long printer-name command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:robert_krawitz:escputil:1.15.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0036",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/01.21.03.txt",
"name" : "http://www.idefense.com/advisory/01.21.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html",
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010",
"name" : "MDKSA-2003:010",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005959",
"name" : "1005959",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/307608/30/26270/threaded",
"name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form \"mlg85p%d\"."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rildo_pragana:ml85p:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.2
},
"severity" : "MEDIUM",
"exploitabilityScore" : 1.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0037",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-244",
"name" : "DSA-244",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6695",
"name" : "6695",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7955",
"name" : "7955",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11181",
"name" : "noffle-multiple-bo(11181)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:noffle:noffle:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0038",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt",
"name" : "http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-436",
"name" : "DSA-436",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6677",
"name" : "6677",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/9205",
"name" : "9205",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005987",
"name" : "1005987",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104342745916111",
"name" : "20030124 Mailman: cross-site scripting bug",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11152",
"name" : "mailman-email-variable-xss(11152)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0039",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-245",
"name" : "DSA-245",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616",
"name" : "CLSA-2003:616",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-034.html",
"name" : "RHSA-2003:034",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://cc.turbolinux.com/security/TLSA-2003-26.txt",
"name" : "TLSA-2003-26",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html",
"name" : "20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/149953",
"name" : "VU#149953",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6628",
"name" : "6628",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104310927813830&w=2",
"name" : "20030115 DoS against DHCP infrastructure with isc dhcrelay",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11187",
"name" : "dhcp-dhcrelay-dos(11187)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:dhcpd:3.0.1:rc9:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0040",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-247",
"name" : "DSA-247",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6738",
"name" : "6738",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11213",
"name" : "courierimap-authmysqllib-sql-injection(11213)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:inter7:courier-imap:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:double_precision_incorporated:courier_mta:0.37.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0041",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-020.html",
"name" : "RHSA-2003:020",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html",
"name" : "20030128 MIT Kerberos FTP client remote shell commands execution",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:021",
"name" : "MDKSA-2003:021",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7979",
"name" : "7979",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8114",
"name" : "8114",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_ftp_client:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2008-09-10T19:17Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0042",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-246",
"name" : "DSA-246",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/advisories/5111",
"name" : "HPSBUX0303-249",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-060.shtml",
"name" : "N-060",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6721",
"name" : "6721",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7972",
"name" : "7972",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7977",
"name" : "7977",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104394568616290&w=2",
"name" : "20030130 Apache Jakarta Tomcat 3 URL parsing vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11194",
"name" : "tomcat-null-directory-listing(11194)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0043",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-246",
"name" : "DSA-246",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/5111",
"name" : "HPSBUX0303-249",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-060.shtml",
"name" : "N-060",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6722",
"name" : "6722",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11195",
"name" : "tomcat-webxml-read-files(11195)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0044",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-246",
"name" : "DSA-246",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/advisories/5111",
"name" : "HPSBUX0303-249",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-060.shtml",
"name" : "N-060",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6720",
"name" : "6720",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/9203",
"name" : "9203",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/9204",
"name" : "9204",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7972",
"name" : "7972",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11196",
"name" : "tomcat-web-app-xss(11196)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0045",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"name" : "http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12102",
"name" : "jakarta-tomcat-msdos-dos(12102)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-07T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0046",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/01.28.03.txt",
"name" : "http://www.idefense.com/advisory/01.28.03.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.celestialsoftware.net/telnet/beta_software.html",
"name" : "http://www.celestialsoftware.net/telnet/beta_software.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6725",
"name" : "6725",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006013",
"name" : "1006013",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7686",
"name" : "7686",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2",
"name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:celestial_software:absolutetelnet:2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0047",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/01.28.03.txt",
"name" : "http://www.idefense.com/advisory/01.28.03.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6726",
"name" : "6726",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6727",
"name" : "6727",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6728",
"name" : "6728",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006010",
"name" : "1006010",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006011",
"name" : "1006011",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006012",
"name" : "1006012",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2",
"name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securecrt:3.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securecrt:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securefx:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:securefx:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:van_dyke_technologies:entunnel:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0048",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/01.28.03.txt",
"name" : "http://www.idefense.com/advisory/01.28.03.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6724",
"name" : "6724",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006014",
"name" : "1006014",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104386492422014&w=2",
"name" : "20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:putty:putty:0.53b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:putty:putty:0.49:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:putty:putty:0.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0049",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11333.php",
"name" : "macos-afp-unauthorized-access(11333)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6860",
"name" : "6860",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006107",
"name" : "1006107",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2008-09-11T00:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0050",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11401.php",
"name" : "quicktime-darwin-command-execution(11401)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6954",
"name" : "6954",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2",
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0051",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11402.php",
"name" : "quicktime-darwin-path-disclosure(11402)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6956",
"name" : "6956",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2",
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0052",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11403.php",
"name" : "quicktime-darwin-directory-disclosure(11403)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6955",
"name" : "6955",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2",
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0053",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11404.php",
"name" : "quicktime-darwin-parsexml-xss(11404)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6958",
"name" : "6958",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2",
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0054",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11405.php",
"name" : "quicktime-darwin-describe-xss(11405)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6960",
"name" : "6960",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2",
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0055",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11406.php",
"name" : "quicktime-darwin-mp3-bo(11406)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6957",
"name" : "6957",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2",
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_darwin_mp3_broadcaster:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0056",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-252",
"name" : "DSA-252",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.usg.org.uk/advisories/2003.001.txt",
"name" : "http://www.usg.org.uk/advisories/2003.001.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-009.0.txt",
"name" : "CSSA-2003-009.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.net-security.org/advisory.php?id=2010",
"name" : "CLA-2003:643",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:015",
"name" : "MDKSA-2003:015",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-041.html",
"name" : "RHSA-2004:041",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7982",
"name" : "7982",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8007",
"name" : "8007",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8236",
"name" : "8236",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10720",
"name" : "10720",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7947",
"name" : "7947",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8118/",
"name" : "8118",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8749",
"name" : "8749",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104348607205691&w=2",
"name" : "20030125 Re: [USG- SA- 2003.001] USG Security Advisory (slocate)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104428624705363&w=2",
"name" : "20030202 GLSA: slocate",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104342864418213&w=2",
"name" : "20030124 [USG- SA- 2003.001] USG Security Advisory (slocate)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11369",
"name" : "oval:org.mitre.oval:def:11369",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0057",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0042.html",
"name" : "20030126 Hypermail buffer overflows",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-248",
"name" : "DSA-248",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6689",
"name" : "6689",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6690",
"name" : "6690",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8030",
"name" : "8030",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104369136703903&w=2",
"name" : "20030127 Hypermail buffer overflows",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11158",
"name" : "hypermail-long-hostname-bo(11158)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11157",
"name" : "hypermail-mail-attachment-bo(11157)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.0b25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hypermail:hypermail:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0058",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/661243",
"name" : "VU#661243",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6683",
"name" : "6683",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639",
"name" : "CLSA-2003:639",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043",
"name" : "MDKSA-2003:043",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-168.html",
"name" : "RHSA-2003:168",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142",
"name" : "50142",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1110",
"name" : "oval:org.mitre.oval:def:1110",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10099",
"name" : "kerberos-kdc-null-pointer-dos(10099)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:enterprise_authentication_mechanism:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2020-01-21T15:44Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0059",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/684563",
"name" : "VU#684563",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6714",
"name" : "6714",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639",
"name" : "CLSA-2003:639",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043",
"name" : "MDKSA-2003:043",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-168.html",
"name" : "RHSA-2003:168",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11188",
"name" : "kerberos-kdc-user-spoofing(11188)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2020-01-21T15:44Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0060",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/787523",
"name" : "VU#787523",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6712",
"name" : "6712",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4879",
"name" : "4879",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639",
"name" : "CLSA-2003:639",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11189",
"name" : "kerberos-kdc-format-string(11189)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2020-01-21T15:44Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0061",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/application/poi/display?id=87&type=vulnerabilities&flashstatus=true",
"name" : "20030203 HP UX passwd Binary Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2002-01-11T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0062",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11282.php",
"name" : "nod32-pathname-bo(11282)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.idefense.com/advisory/02.10.03.txt",
"name" : "http://www.idefense.com/advisory/02.10.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6803",
"name" : "6803",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104490777824360&w=2",
"name" : "20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eset_software:nod32_antivirus:1.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eset_software:nod32_antivirus:1.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0063",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-380",
"name" : "DSA-380",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html",
"name" : "RHSA-2003:064",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html",
"name" : "RHSA-2003:065",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-066.html",
"name" : "RHSA-2003:066",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-067.html",
"name" : "RHSA-2003:067",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6940",
"name" : "6940",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0064",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/advisories/6236",
"name" : "HPSBUX0401-309",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6942",
"name" : "6942",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:5.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0065",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6945",
"name" : "6945",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:national_university_of_singapore:uxterm:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:national_university_of_singapore:uxterm:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0066",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/advisories/5137",
"name" : "200303-16",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003",
"name" : "MDKSA-2003:003",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-054.html",
"name" : "RHSA-2003:054",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-055.html",
"name" : "RHSA-2003:055",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6953",
"name" : "6953",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rxvt:rxvt:2.7.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0067",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aterm:aterm:0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0068",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-496",
"name" : "DSA-496",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040",
"name" : "MDKSA-2003:040",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10237",
"name" : "10237",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0069",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/8347",
"name" : "8347",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:putty:putty:0.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0070",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-053.html",
"name" : "RHSA-2003:053",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://seclists.org/lists/bugtraq/2003/Mar/0010.html",
"name" : "GLSA-200303-2",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.17.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.20.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.22.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.24.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.25.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.16.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.11.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nalin_dahyabhai:vte:0.15.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gnome-terminal:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gnome-terminal:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0071",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11415.php",
"name" : "terminal-emulator-dec-udk(11415)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-380",
"name" : "DSA-380",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html",
"name" : "RHSA-2003:064",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html",
"name" : "RHSA-2003:065",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-066.html",
"name" : "RHSA-2003:066",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-067.html",
"name" : "RHSA-2003:067",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6950",
"name" : "6950",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0072",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-266",
"name" : "DSA-266",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1",
"name" : "54042",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7184",
"name" : "7184",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded",
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka \"array overrun\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2020-01-21T15:47Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0073",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mysql.com/doc/en/News-3.23.55.html",
"name" : "http://www.mysql.com/doc/en/News-3.23.55.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-303",
"name" : "DSA-303",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743",
"name" : "CLA-2003:743",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html",
"name" : "ESA-20030220-004",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013",
"name" : "MDKSA-2003:013",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-093.html",
"name" : "RHSA-2003:093",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-094.html",
"name" : "RHSA-2003:094",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-166.html",
"name" : "RHSA-2003:166",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6718",
"name" : "6718",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11199.php",
"name" : "mysql-mysqlchangeuser-doublefree-dos(11199)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104385719107879&w=2",
"name" : "20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436",
"name" : "oval:org.mitre.oval:def:436",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2019-10-07T16:41Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0074",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6715",
"name" : "6715",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11193.php",
"name" : "plptools-plpnsfd-format-string(11193)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104386699725019&w=2",
"name" : "20030129 Re: Local root vuln in SuSE 8.0 plptools package",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104385772908969&w=2",
"name" : "20030129 Local root vuln in SuSE 8.0 plptools package",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:plptools:plptools:0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0075",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11227.php",
"name" : "bladeenc-myfseek-code-execution(11227)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.pivx.com/luigi/adv/blade942-adv.txt",
"name" : "http://www.pivx.com/luigi/adv/blade942-adv.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6745",
"name" : "6745",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104428700106672&w=2",
"name" : "20030202 Bladeenc 0.94.2 code execution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104446346127432&w=2",
"name" : "GLSA-200302-04",
"refsource" : "GENTOO",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a \"fmt\" wave chunk."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.94.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.94.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.94.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.92.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bladeenc:bladeenc:0.93.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0076",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html",
"name" : "http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11246.php",
"name" : "qtdcgui-directory-download-files(11246)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104437720116243&w=2",
"name" : "20030204 GLSA: qt-dcgui",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dcgui:dcgui:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dcgui:dcgui:0.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qt-dcgui:qt-dcgui:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qt-dcgui:qt-dcgui:0.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0077",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11414.php",
"name" : "terminal-emulator-window-title(11414)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-070.html",
"name" : "RHSA-2003:070",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-071.html",
"name" : "RHSA-2003:071",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4917",
"name" : "4917",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hanterm:hanterm-xf:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0078",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.openssl.org/news/secadv_20030219.txt",
"name" : "http://www.openssl.org/news/secadv_20030219.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-253",
"name" : "DSA-253",
"refsource" : "DEBIAN",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11369.php",
"name" : "ssl-cbc-information-leak(11369)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570",
"name" : "CLSA-2003:570",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html",
"name" : "ESA-20030220-005",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-062.html",
"name" : "RHSA-2003:062",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-063.html",
"name" : "RHSA-2003:063",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-082.html",
"name" : "RHSA-2003:082",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-104.html",
"name" : "RHSA-2003:104",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-205.html",
"name" : "RHSA-2003:205",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I",
"name" : "20030501-01-I",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.trustix.org/errata/2003/0005",
"name" : "2003-0005",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020",
"name" : "MDKSA-2003:020",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc",
"name" : "NetBSD-SA2003-001",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-051.shtml",
"name" : "N-051",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6884",
"name" : "6884",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3945",
"name" : "3945",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104568426824439&w=2",
"name" : "20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104567627211904&w=2",
"name" : "20030219 OpenSSL 0.9.7a and 0.9.6i released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104577183206905&w=2",
"name" : "GLSA-200302-10",
"refsource" : "GENTOO",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the \"Vaudenay timing attack.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0079",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11415.php",
"name" : "terminal-emulator-dec-udk(11415)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-070.html",
"name" : "RHSA-2003:070",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-071.html",
"name" : "RHSA-2003:071",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6944",
"name" : "6944",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4918",
"name" : "4918",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2",
"name" : "20030224 Terminal Emulator Security Issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hanterm:hanterm-xf:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0080",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-072.html",
"name" : "RHSA-2003:072",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7128",
"name" : "7128",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4400",
"name" : "4400",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11552",
"name" : "gnomelokkit-forward-bypass-firewall(11552)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gnome-lokkit:0.50_21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0081",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.guninski.com/etherre.html",
"name" : "http://www.guninski.com/etherre.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7049",
"name" : "7049",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-258",
"name" : "DSA-258",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html",
"name" : "20030308 Ethereal format string bug, yet still ethereal much better than windows",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627",
"name" : "CLSA-2003:627",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html",
"name" : "GLSA-200303-10",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051",
"name" : "MDKSA-2003:051",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-076.html",
"name" : "RHSA-2003:076",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html",
"name" : "SuSE-SA:2003:019",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54",
"name" : "oval:org.mitre.oval:def:54",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11497",
"name" : "ethereal-socks-format-string(11497)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0082",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-005-buf.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-266",
"name" : "DSA-266",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html",
"name" : "RHSA-2003:091",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54042-1",
"name" : "54042",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7185",
"name" : "7185",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4430",
"name" : "oval:org.mitre.oval:def:4430",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2536",
"name" : "oval:org.mitre.oval:def:2536",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A244",
"name" : "oval:org.mitre.oval:def:244",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded",
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka \"buffer underrun\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.3:alpha1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos:1.2.2.beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos_5:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2020-01-21T15:47Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0083",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25",
"name" : "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html",
"name" : "RHSA-2003:139",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH",
"name" : "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://secunia.com/advisories/8146",
"name" : "8146",
"refsource" : "SECUNIA",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108034113406858&w=2",
"name" : "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108024081011678&w=2",
"name" : "20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A151",
"name" : "oval:org.mitre.oval:def:151",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "1.3.0",
"versionEndExcluding" : "1.3.26",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "2.0.0",
"versionEndExcluding" : "2.0.46",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2021-07-15T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0084",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://rhn.redhat.com/errata/RHSA-2003-114.html",
"name" : "RHSA-2003:114",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7448",
"name" : "7448",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-113.html",
"name" : "RHSA-2003:113",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.itlab.musc.edu/webNIS/mod_auth_any.html",
"name" : "http://www.itlab.musc.edu/webNIS/mod_auth_any.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-090.shtml",
"name" : "N-090",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11893",
"name" : "modauthany-command-execution(11893)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operating systems does not properly escape arguments when calling other programs, which allows attackers to execute arbitrary commands via shell metacharacters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_auth_any:mod_auth_any:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0085",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-262",
"name" : "DSA-262",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7106",
"name" : "7106",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-095.html",
"name" : "RHSA-2003:095",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_016_samba.html",
"name" : "SuSE-SA:2003:016",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I",
"name" : "20030302-01-I",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/298233",
"name" : "VU#298233",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml",
"name" : "GLSA-200303-11",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032",
"name" : "MDKSA-2003:032",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8299",
"name" : "8299",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8303",
"name" : "8303",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html",
"name" : "RHSA-2003:096",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104801012929374&w=2",
"name" : "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792723017768&w=2",
"name" : "20030317 Security Bugfix for Samba - Samba 2.2.8 Released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792646416629&w=2",
"name" : "20030317 GLSA: samba (200303-11)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552",
"name" : "oval:org.mitre.oval:def:552",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/317145/30/25220/threaded",
"name" : "IMNX-2003-7+-003-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded",
"name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0086",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-262",
"name" : "DSA-262",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7107",
"name" : "7107",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-095.html",
"name" : "RHSA-2003:095",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_016_samba.html",
"name" : "SuSE-SA:2003:016",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I",
"name" : "20030302-01-I",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml",
"name" : "GLSA-200303-11",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032",
"name" : "MDKSA-2003:032",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8299",
"name" : "8299",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8303",
"name" : "8303",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html",
"name" : "RHSA-2003:096",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104801012929374&w=2",
"name" : "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792646416629&w=2",
"name" : "20030317 GLSA: samba (200303-11)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A554",
"name" : "oval:org.mitre.oval:def:554",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded",
"name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0087",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/02.12.03.txt",
"name" : "http://www.idefense.com/advisory/02.12.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html",
"name" : "20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40307&apar=only",
"name" : "IY40307",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40317&apar=only",
"name" : "IY40317",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40320&apar=only",
"name" : "IY40320",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6840",
"name" : "6840",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7996",
"name" : "7996",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104508375107938&w=2",
"name" : "20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104508833214691&w=2",
"name" : "20030212 libIM.a buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11309",
"name" : "aix-aixterm-libim-bo(11309)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:national_language_support:libim:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0088",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a021403-1.txt",
"name" : "A021403-1",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11332.php",
"name" : "macos-trublueenvironment-gain-privileges(11332)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6859",
"name" : "6859",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2008-09-11T00:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0089",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/advisories/6030",
"name" : "HPSBUX0311-293",
"refsource" : "HP",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8986",
"name" : "8986",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0038.html",
"name" : "20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106873965001431&w=2",
"name" : "20031113 NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13623",
"name" : "hp-sd-utilities-bo(13623)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5466",
"name" : "oval:org.mitre.oval:def:5466",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0090",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0844. Reason: This candidate is a duplicate of CVE-2000-0844. Notes: All CVE users should reference CVE-2000-0844 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-10T19:17Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0091",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0162.html",
"name" : "20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.nsfocus.com/english/homepage/sa2003-02.htm",
"name" : "http://www.nsfocus.com/english/homepage/sa2003-02.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://packetstormsecurity.org/0304-advisories/sa2003-02.txt",
"name" : "http://packetstormsecurity.org/0304-advisories/sa2003-02.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52443-1",
"name" : "52443",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-068.shtml",
"name" : "N-068",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/8713",
"name" : "8713",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4383",
"name" : "oval:org.mitre.oval:def:4383",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316957/30/25250/threaded",
"name" : "20030331 NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0092",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html",
"name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1",
"name" : "52388",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7240",
"name" : "7240",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905",
"name" : "oval:org.mitre.oval:def:1905",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316948/30/25250/threaded",
"name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0093",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585",
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-261",
"name" : "DSA-261",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027",
"name" : "MDKSA-2003:027",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html",
"name" : "RHSA-2003:032",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-033.html",
"name" : "RHSA-2003:033",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html",
"name" : "RHSA-2003:214",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11324",
"name" : "tcpdump-radius-decoder-dos(11324)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.4a6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0094",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016",
"name" : "MDKSA-2003:016",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6855",
"name" : "6855",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11318",
"name" : "utillinux-mcookie-cookie-predictable(11318)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:util-linux:2.11n:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:util-linux:2.11u:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0095",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-05.html",
"name" : "CA-2003-05",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.iss.net/security_center/static/11328.php",
"name" : "oracle-username-bo(11328)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/953746",
"name" : "VU#953746",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml",
"name" : "N-046",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6849",
"name" : "6849",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/6319",
"name" : "6319",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104549693426042&w=2",
"name" : "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0096",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11327.php",
"name" : "oracle-totimestamptz-bo(11327)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/840666",
"name" : "VU#840666",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/743954",
"name" : "VU#743954",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/663786",
"name" : "VU#663786",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-05.html",
"name" : "CA-2003-05",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.iss.net/security_center/static/11325.php",
"name" : "oracle-bfilename-directory-bo(11325)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11326.php",
"name" : "oracle-tzoffset-bo(11326)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html",
"name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html",
"name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html",
"name" : "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt",
"name" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt",
"name" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt",
"name" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml",
"name" : "N-046",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6847",
"name" : "6847",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6848",
"name" : "6848",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6850",
"name" : "6850",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550346303295&w=2",
"name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104549743326864&w=2",
"name" : "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104549782327321&w=2",
"name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 8.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0097",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11343.php",
"name" : "php-cgi-sapi-access(11343)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.slackware.com/changelog/current.php?cpu=i386",
"name" : "http://www.slackware.com/changelog/current.php?cpu=i386",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6875",
"name" : "6875",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550977011668&w=2",
"name" : "20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104567137502557&w=2",
"name" : "GLSA-200302-09.1",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104567042700840&w=2",
"name" : "GLSA-200302-09",
"refsource" : "GENTOO",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0098",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6",
"name" : "http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/apcupsd/apcupsd/src/apcnisd.c.diff?r1=1.5&r2=1.6",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-277",
"name" : "DSA-277",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt",
"name" : "http://hsj.shadowpenguin.org/misc/apcupsd_exp.txt",
"refsource" : "MISC",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=137900",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=137900",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html",
"name" : "SuSE-SA:2003:022",
"refsource" : "SUSE",
"tags" : [ "Broken Link" ]
}, {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt",
"name" : "CSSA-2003-015.0",
"refsource" : "CALDERA",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.securityfocus.com/bid/7200",
"name" : "7200",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.iss.net/security_center/static/11334.php",
"name" : "apcupsd-logevent-format-string(11334)",
"refsource" : "XF",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://securitytracker.com/id?1006108",
"name" : "1006108",
"refsource" : "SECTRACK",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018",
"name" : "MDKSA-2003:018",
"refsource" : "MANDRAKE",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6828",
"name" : "6828",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apcupsd:apcupsd:*:*:*:*:*:*:*:*",
"versionEndExcluding" : "3.8.6",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apcupsd:apcupsd:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "3.10.0",
"versionEndExcluding" : "3.10.5",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2018-09-26T15:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0099",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=137900",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=137900",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-277",
"name" : "DSA-277",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11491.php",
"name" : "apcupsd-vsprintf-multiple-bo(11491)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=137892",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=137892",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7200",
"name" : "7200",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-015.0.txt",
"name" : "CSSA-2003-015.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:018",
"name" : "MDKSA-2003:018",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_022_apcupsd.html",
"name" : "SuSE-SA:2003:022",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006108",
"name" : "1006108",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apc:apcupsd:3.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2008-09-10T19:17Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0100",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11373.php",
"name" : "cisco-ios-ospf-bo(11373)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6895",
"name" : "6895",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104587206702715&w=2",
"name" : "20030221 Re: Cisco IOS OSPF exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104576100719090&w=2",
"name" : "20030220 Cisco IOS OSPF exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(15\\)ca:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(15\\)ia:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(24b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(28a\\)ct:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ca:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(17\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(19\\)gs0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)f1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(9\\)p:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(36\\)ca2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ct:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(16\\)aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3na:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1cc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2wa4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(11\\)st4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(23a\\)bc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(19a\\)gs6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(28a\\)ia:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(16\\)ia:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(2\\)xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(11a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11c\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(9\\)xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16.06\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2bc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7.4\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.3\\)wc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)xaf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9\\)s8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(12a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(1\\)ed:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(3d\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(7\\)db1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)w5\\(21\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)s7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.4\\)wc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)w5\\(20\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(8\\)db2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)st5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13\\)s6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\)xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)wx5\\(15a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(12\\)s3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3wa4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8\\)s1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)t1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)s3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13\\)wt6\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)s5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)st1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ia:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(9a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)db2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)sa3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)p:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\)ca:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)st3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18g\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xv:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13\\)w5\\(19c\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(26a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)sa1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2p:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3db:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(6b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10\\)w5\\(18f\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)t2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.2\\)xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(17\\)cc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)dc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(26\\)p2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)s6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(17\\)ct:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\)aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc2b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xe2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(36\\)cc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11\\)b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5.1\\)xp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(36\\)cc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(3\\)t2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)st1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xn1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(1\\)t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2gs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)sc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3ma:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)yb4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)w:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8.0.2\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(13\\)ia:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(15\\)aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(14\\)s7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(20\\)aa4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(8.3\\)sc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)s8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2\\)xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)s1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(4\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xe1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(7\\)aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2sa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(7\\)ca:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(7\\)xf1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(10a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)st1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3\\(11b\\)t2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(26b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(9\\)ia:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8.9\\)sa6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3ha:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(13a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(1\\)xa3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(8\\)sa5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(2b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(11\\)s6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)w5\\(22b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2wa3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(5\\)wc3b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(10\\)bc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2\\(11b\\)t2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1\\(24a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(4\\)xm1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)s4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0101",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11390.php",
"name" : "webmin-usermin-root-access(11390)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.lac.co.jp/security/english/snsadv_e/62_e.html",
"name" : "http://www.lac.co.jp/security/english/snsadv_e/62_e.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-319",
"name" : "DSA-319",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html",
"name" : "ESA-20030225-006",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html",
"name" : "HPSBUX0303-250",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I",
"name" : "20030602-01-I",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-058.shtml",
"name" : "N-058",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6915",
"name" : "6915",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html",
"name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025",
"name" : "MDKSA-2003:025",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8115",
"name" : "8115",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8163",
"name" : "8163",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006160",
"name" : "1006160",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=webmin-announce&m=104587858408101&w=2",
"name" : "http://marc.info/?l=webmin-announce&m=104587858408101&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104610336226274&w=2",
"name" : "20030224 GLSA: usermin (200302-14)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104610245624895&w=2",
"name" : "20030224 Webmin 1.050 - 1.060 remote exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104610300325629&w=2",
"name" : "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0102",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/03.04.03.txt",
"name" : "http://www.idefense.com/advisory/03.04.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7008",
"name" : "7008",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-260",
"name" : "DSA-260",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://lwn.net/Alerts/34908/",
"name" : "IMNX-2003-7+-012-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030",
"name" : "MDKSA-2003:030",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc",
"name" : "NetBSD-SA2003-003",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_017_file.html",
"name" : "SuSE-SA:2003:017",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-086.html",
"name" : "RHSA-2003:086",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-087.html",
"name" : "RHSA-2003:087",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/611865",
"name" : "VU#611865",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104680706201721&w=2",
"name" : "20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11469",
"name" : "file-afctr-read-bo(11469)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:file:file:3.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0103",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6952",
"name" : "6952",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11421.php",
"name" : "nokia-6210-vcard-dos(11421)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:nokia:6210_handset:5.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0104",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999",
"name" : "20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability",
"refsource" : "ISS",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10962.php",
"name" : "peoplesoft-schedulertransfer-create-files(10962)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7053",
"name" : "7053",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0105",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.corsaire.com/advisories/c030224-001.txt",
"name" : "http://www.corsaire.com/advisories/c030224-001.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109215441332682&w=2",
"name" : "20040810 Corsaire Security Advisory - Port80 Software ServerMask inconsistencies",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16947",
"name" : "servermask-header-obtain-info(16947)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:port80_software:servermask:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0106",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754",
"name" : "http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2003032507434754",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7196",
"name" : "7196",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0152.html",
"name" : "20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104869513822233&w=2",
"name" : "20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104868285106289&w=2",
"name" : "20030326 Corsaire Security Advisory - Symantec Enterprise Firewall (SEF) H TTP URL pattern evasion issue",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:enterprise_firewall:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0107",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://online.securityfocus.com/archive/1/312869",
"name" : "20030222 buffer overrun in zlib 1.1.4",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11381.php",
"name" : "zlib-gzprintf-bo(11381)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt",
"name" : "CSSA-2003-011.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619",
"name" : "CLSA-2003:619",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033",
"name" : "MDKSA-2003:033",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc",
"name" : "NetBSD-SA2003-004",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-079.html",
"name" : "RHSA-2003:079",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-081.html",
"name" : "RHSA-2003:081",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405",
"name" : "57405",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/142121",
"name" : "VU#142121",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6913",
"name" : "6913",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/6599",
"name" : "6599",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104620610427210&w=2",
"name" : "20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104887247624907&w=2",
"name" : "GLSA-200303-25",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104610536129508&w=2",
"name" : "20030224 Re: buffer overrun in zlib 1.1.4",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104610337726297&w=2",
"name" : "20030223 poc zlib sploit just for fun :)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html",
"name" : "JVNDB-2015-000066",
"refsource" : "JVNDB",
"tags" : [ ]
}, {
"url" : "http://jvn.jp/en/jp/JVN78689801/index.html",
"name" : "JVN#78689801",
"refsource" : "JVN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zlib:1.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2017-01-03T02:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0108",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6974",
"name" : "6974",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.idefense.com/advisory/02.27.03.txt",
"name" : "http://www.idefense.com/advisory/02.27.03.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-255",
"name" : "DSA-255",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11434.php",
"name" : "tcpdump-isakmp-dos(11434)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629",
"name" : "CLA-2003:629",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027",
"name" : "MDKSA-2003:027",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html",
"name" : "RHSA-2003:032",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-085.html",
"name" : "RHSA-2003:085",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html",
"name" : "RHSA-2003:214",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html",
"name" : "SuSE-SA:2003:0015",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104637420104189&w=2",
"name" : "20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104678787109030&w=2",
"name" : "20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0109",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=22029",
"name" : "20030317 Microsoft IIS WebDAV Remote Compromise Vulnerability",
"refsource" : "ISS",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-09.html",
"name" : "CA-2003-09",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.iss.net/security_center/static/11533.php",
"name" : "http-webdav-long-request(11533)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7116",
"name" : "7116",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.nextgenss.com/papers/ms03-007-ntdll.pdf",
"name" : "http://www.nextgenss.com/papers/ms03-007-ntdll.pdf",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/117394",
"name" : "VU#117394",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en",
"name" : "http://microsoft.com/downloads/details.aspx?FamilyId=C9A38D45-5145-4844-B62E-C69D32AC929B&displaylang=en",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104869293619064&w=2",
"name" : "20030326 WebDAV exploit: using wide character decoder scheme",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104887148323552&w=2",
"name" : "20030328 Fate Research Labs Presents: Analysis of the NTDLL.DLL Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105768156625699&w=2",
"name" : "20030708 WDAV exploit without netcat and with pretty magic number",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104861839130254&w=2",
"name" : "20030325 IIS 5.0 WebDAV -Proof of concept-. Fully documented.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104826476427372&w=2",
"name" : "20030321 New attack vectors and a vulnerability dissection of MS03-007",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104826785731151&w=2",
"name" : "20030321 New attack vectors and a vulnerability dissection of MS03-007",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A109",
"name" : "oval:org.mitre.oval:def:109",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q815021",
"name" : "Q815021",
"refsource" : "MSKB",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-007",
"name" : "MS03-007",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0110",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/04.09.03.txt",
"name" : "http://www.idefense.com/advisory/04.09.03.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104994487012027&w=2",
"name" : "20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406",
"name" : "oval:org.mitre.oval:def:406",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012",
"name" : "MS03-012",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:fp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0111",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/447569",
"name" : "VU#447569",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.iss.net/security_center/static/11751.php",
"name" : "msvm-bytecode-improper-validation(11751)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A136",
"name" : "oval:org.mitre.oval:def:136",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-011",
"name" : "MS03-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The ByteCode Verifier component of Microsoft Virtual Machine (VM) build 5.0.3809 and earlier, as used in Windows and Internet Explorer, allows remote attackers to bypass security checks and execute arbitrary code via a malicious Java applet, aka \"Flaw in Microsoft VM Could Enable System Compromise.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:virtual_machine:3802:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:virtual_machine:3805:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:virtual_machine:3809:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0112",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7370",
"name" : "7370",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/446338",
"name" : "VU#446338",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11803",
"name" : "win-kernel-lpcrequestwaitreplyport-bo(11803)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A779",
"name" : "oval:org.mitre.oval:def:779",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3145",
"name" : "oval:org.mitre.oval:def:3145",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A262",
"name" : "oval:org.mitre.oval:def:262",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2265",
"name" : "oval:org.mitre.oval:def:2265",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2022",
"name" : "oval:org.mitre.oval:def:2022",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A142",
"name" : "oval:org.mitre.oval:def:142",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1264",
"name" : "oval:org.mitre.oval:def:1264",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-013",
"name" : "MS03-013",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0113",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/169753",
"name" : "VU#169753",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105138417416900&w=2",
"name" : "20030426 Buffer overflow in Internet Explorer's HTTP parsing code",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105718285107246&w=2",
"name" : "20030701 URLMON.DLL buffer overflow - technical details",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A926",
"name" : "oval:org.mitre.oval:def:926",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015",
"name" : "MS03-015",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0114",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=104429340817718&w=2",
"name" : "20030203 internet explorer local file reading",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A963",
"name" : "oval:org.mitre.oval:def:963",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015",
"name" : "MS03-015",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0115",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11848.php",
"name" : "ie-improper-thirdparty-rendering(11848)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015",
"name" : "MS03-015",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check parameters that are passed during third party rendering, which could allow remote attackers to execute arbitrary web script, aka the \"Third Party Plugin Rendering\" vulnerability, a different vulnerability than CVE-2003-0233."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0116",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6306",
"name" : "6306",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/301945",
"name" : "20021203 Poisonous Style for Dialog window turns the zone off.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/244729",
"name" : "VU#244729",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015",
"name" : "MS03-015",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web page containing script that creates a dialog and then accesses the target files, aka \"Modal Dialog script execution.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0117",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105216866132289&w=2",
"name" : "20030505 Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016",
"name" : "MS03-016",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:developer:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0118",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105216839231951&w=2",
"name" : "20030505 Microsoft Biztalk Server DTA vulnerable to SQL injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-016",
"name" : "MS03-016",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:developer:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp1a:standard:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp2:developer:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:*:developer:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp2:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:sp2:standard:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2000:*:standard:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:developer:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:biztalk_server:2002:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0119",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/624713",
"name" : "VU#624713",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7264",
"name" : "7264",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument",
"name" : "MSS-OAR-E01-2003:0245.1",
"refsource" : "IBM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8221",
"name" : "8221",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0120",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-256",
"name" : "DSA-256",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6978",
"name" : "6978",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11439.php",
"name" : "mhc-adb2mhc-insecure-tmp(11439)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mhc-utils:mhc-utils:0.25_snap2001-06-25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-07T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0121",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7044",
"name" : "7044",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316311",
"name" : "20030326 RE: Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104716030503607&w=2",
"name" : "20030307 Corsaire Security Advisory - Clearswift MAILsweeper MIME attachment evasion issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2016-10-18T02:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0122",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101",
"name" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.securityfocus.com/bid/7037",
"name" : "7037",
"refsource" : "BID",
"tags" : [ "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0010.html",
"name" : "http://www.rapid7.com/advisories/R7-0010.html",
"refsource" : "MISC",
"tags" : [ "Not Applicable" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html",
"name" : "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"refsource" : "VULNWATCH",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-11.html",
"name" : "CA-2003-11",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/433489",
"name" : "VU#433489",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml",
"name" : "N-065",
"refsource" : "CIAC",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104757319829443&w=2",
"name" : "20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11526",
"name" : "lotus-nrpc-bo(11526)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-12-12T17:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0123",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060",
"name" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7038",
"name" : "7038",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0011.html",
"name" : "http://www.rapid7.com/advisories/R7-0011.html",
"refsource" : "MISC",
"tags" : [ "Not Applicable" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-11.html",
"name" : "CA-2003-11",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/411489",
"name" : "VU#411489",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml",
"name" : "N-065",
"refsource" : "CIAC",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104757545500368&w=2",
"name" : "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525",
"name" : "lotus-web-retriever-bo(11525)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.8a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:r5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.4a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:4.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:5.0.9a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino:5.0.9a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-11-22T14:04Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0124",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7066",
"name" : "7066",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620",
"name" : "CLSA-2003:620",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-133.html",
"name" : "RHSA-2003:133",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-134.html",
"name" : "RHSA-2003:134",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104802285112752&w=2",
"name" : "GLSA-200303-13",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104740927915154&w=2",
"name" : "20030311 Vulnerability in man < 1.5l",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11512",
"name" : "man-myxsprintf-code-execution(11512)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value \"unsafe,\" which is then executed as a program via a system call if it is in the search path of the user who runs man."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5h1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5i2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5j:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:1.5k:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0125",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt",
"name" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.multitech.com/Routers/RF550VPN.TXT",
"name" : "ftp://ftp.multitech.com/Routers/RF550VPN.TXT",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7067",
"name" : "7067",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11514",
"name" : "routefinder-vpn-options-bo(11514)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:multitech:routefinder_550_vpn:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.63",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0126",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt",
"name" : "http://www.krusesecurity.dk/advisories/routefind550bof.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default \"admin\" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:multitech:routefinder_550_vpn:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.63",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:multitech:routefinder_550_vpn:4.64_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0127",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://rhn.redhat.com/errata/RHSA-2003-098.html",
"name" : "RHSA-2003:098",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/628849",
"name" : "VU#628849",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2003-088.html",
"name" : "RHSA-2003:088",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-270",
"name" : "DSA-270",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-276",
"name" : "DSA-276",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-311",
"name" : "DSA-311",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-312",
"name" : "DSA-312",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-332",
"name" : "DSA-332",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-336",
"name" : "DSA-336",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-495",
"name" : "DSA-495",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-020.0.txt",
"name" : "CSSA-2003-020.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-145.html",
"name" : "RHSA-2003:145",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200303-17.xml",
"name" : "GLSA-200303-17",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0134.html",
"name" : "20030317 Fwd: Ptrace hole / Linux 2.2.25",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-103.html",
"name" : "RHSA-2003:103",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:038",
"name" : "MDKSA-2003:038",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:039",
"name" : "MDKSA-2003:039",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2",
"name" : "ESA-20030515-017",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A254",
"name" : "oval:org.mitre.oval:def:254",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.2.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0128",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7117",
"name" : "7117",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html",
"name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-108.html",
"name" : "RHSA-2003:108",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648",
"name" : "CLA-2003:648",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml",
"name" : "GLSA-200303-18",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045",
"name" : "MDKSA-2003:045",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2",
"name" : "20030321 GLSA: evolution (200303-18)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A107",
"name" : "oval:org.mitre.oval:def:107",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The try_uudecoding function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malicious uuencoded (UUE) header, possibly triggering a heap-based buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0129",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7118",
"name" : "7118",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html",
"name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-108.html",
"name" : "RHSA-2003:108",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648",
"name" : "CLA-2003:648",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml",
"name" : "GLSA-200303-18",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045",
"name" : "MDKSA-2003:045",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2",
"name" : "20030321 GLSA: evolution (200303-18)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A108",
"name" : "oval:org.mitre.oval:def:108",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attackers to cause a denial of service (memory consumption) via a mail message that is uuencoded multiple times."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0130",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7119",
"name" : "7119",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html",
"name" : "20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-108.html",
"name" : "RHSA-2003:108",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000648",
"name" : "CLA-2003:648",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml",
"name" : "GLSA-200303-18",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:045",
"name" : "MDKSA-2003:045",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104826470527308&w=2",
"name" : "20030321 GLSA: evolution (200303-18)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111",
"name" : "oval:org.mitre.oval:def:111",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0131",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://eprint.iacr.org/2003/052/",
"name" : "http://eprint.iacr.org/2003/052/",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7148",
"name" : "7148",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/888801",
"name" : "VU#888801",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc",
"name" : "NetBSD-SA2003-007",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-101.html",
"name" : "RHSA-2003:101",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-102.html",
"name" : "RHSA-2003:102",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-288",
"name" : "DSA-288",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I",
"name" : "20030501-01-I",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.openssl.org/news/secadv_20030319.txt",
"name" : "http://www.openssl.org/news/secadv_20030319.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625",
"name" : "CLA-2003:625",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt",
"name" : "CSSA-2003-014.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml",
"name" : "GLSA-200303-20",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html",
"name" : "OpenPKG-SA-2003.026",
"refsource" : "OPENPKG",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035",
"name" : "MDKSA-2003:035",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104852637112330&w=2",
"name" : "20030324 GLSA: openssl (200303-20)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104811162730834&w=2",
"name" : "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104878215721135&w=2",
"name" : "2003-0013",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html",
"name" : "SuSE-SA:2003:024",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html",
"name" : "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586",
"name" : "ssl-premaster-information-leak(11586)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461",
"name" : "oval:org.mitre.oval:def:461",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316577/30/25310/threaded",
"name" : "IMNX-2003-7+-001-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0132",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-772"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/04.08.03.txt",
"name" : "http://www.idefense.com/advisory/04.08.03.txt",
"refsource" : "MISC",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html",
"name" : "RHSA-2003:139",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource" : "CONFIRM",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/206537",
"name" : "VU#206537",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147",
"name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=205147",
"refsource" : "MISC",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://secunia.com/advisories/8499",
"name" : "8499",
"refsource" : "SECUNIA",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://secunia.com/advisories/34920",
"name" : "34920",
"refsource" : "SECUNIA",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.vupen.com/english/advisories/2009/1233",
"name" : "ADV-2009-1233",
"refsource" : "VUPEN",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105013378320711&w=2",
"name" : "20030411 PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104994309010974&w=2",
"name" : "20030408 Exploit Code Released for Apache 2.x Memory Leak",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105001663120995&w=2",
"name" : "20030410 working apache <= 2.0.44 DoS exploit for linux.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104931360606484&w=2",
"name" : "20030402 [ANNOUNCE] Apache 2.0.45 Released",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104982175321731&w=2",
"name" : "20030408 iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104994239010517&w=2",
"name" : "20030409 GLSA: apache (200304-01)",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A156",
"name" : "oval:org.mitre.oval:def:156",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ "Mailing List", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "2.0.0",
"versionEndIncluding" : "2.0.44",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-11T04:00Z",
"lastModifiedDate" : "2021-07-15T20:14Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0133",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-126.html",
"name" : "RHSA-2003:126",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737",
"name" : "CLA-2003:737",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:046",
"name" : "MDKSA-2003:046",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A138",
"name" : "oval:org.mitre.oval:def:138",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GtkHTML, as included in Evolution before 1.2.4, allows remote attackers to cause a denial of service (crash) via certain malformed messages."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gtkhtml:1.1.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gtkhtml:1.1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0134",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35",
"name" : "http://cvs.apache.org/viewcvs/apr/file_io/os2/filestat.c.diff?r1=1.34&r2=1.35",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105418115512559&w=2",
"name" : "20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104931360606484&w=2",
"name" : "20030402 [ANNOUNCE] Apache 2.0.45 Released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in filestat.c for Apache running on OS2, versions 2.0 through 2.0.45, allows unknown attackers to cause a denial of service via requests related to device names."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-11T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0135",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-084.html",
"name" : "RHSA-2003:084",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7253",
"name" : "7253",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A634",
"name" : "oval:org.mitre.oval:def:634",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrappers (tcp_wrappers) but is installed as a standalone service, which inadvertently prevents vsftpd from restricting access as intended."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-11T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0136",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-285",
"name" : "DSA-285",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-142.html",
"name" : "RHSA-2003:142",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=188366",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A423",
"name" : "oval:org.mitre.oval:def:423",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.8.10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.8.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.8.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:astart_technologies:lprng:3.7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0137",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a031303-2.txt",
"name" : "A031303-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8301",
"name" : "8301",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SNMP daemon in the DX200 based network element for Nokia Serving GPRS support node (SGSN) allows remote attackers to read SNMP options via arbitrary community strings."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nokia:sgsn_dx200:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0138",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-266",
"name" : "DSA-266",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/623217",
"name" : "VU#623217",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-269",
"name" : "DSA-269",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-273",
"name" : "DSA-273",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html",
"name" : "RHSA-2003:091",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7113",
"name" : "7113",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104791775804776&w=2",
"name" : "20030317 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4 protocol",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A248",
"name" : "oval:org.mitre.oval:def:248",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded",
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Version 4 of the Kerberos protocol (krb4), as used in Heimdal and other packages, allows an attacker to impersonate any principal in a realm via a chosen-plaintext attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0139",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"name" : "http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-004-krb4.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/442569",
"name" : "VU#442569",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-266",
"name" : "DSA-266",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-273",
"name" : "DSA-273",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html",
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html",
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html",
"name" : "RHSA-2003:091",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104791775804776&w=2",
"name" : "20030319 MITKRB5-SA-2003-004: Cryptographic weaknesses in Kerberos v4",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A250",
"name" : "oval:org.mitre.oval:def:250",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/317130/30/25250/threaded",
"name" : "20030330 GLSA: openafs (200303-26)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded",
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Certain weaknesses in the implementation of version 4 of the Kerberos protocol (krb4) in the krb5 distribution, when triple-DES keys are used to key krb4 services, allow an attacker to create krb4 tickets for unauthorized principals using a cut-and-paste attack and \"ticket splicing.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mit:kerberos:4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0140",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/315679",
"name" : "20030319 mutt-1.4.1 fixes a buffer overflow.",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7120",
"name" : "7120",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-268",
"name" : "DSA-268",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_020_mutt.html",
"name" : "SuSE-SA:2003:020",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-109.html",
"name" : "RHSA-2003:109",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=310&idxseccion=10",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000626",
"name" : "CLA-2003:626",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000630",
"name" : "CLA-2003:630",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-19.xml",
"name" : "GLSA-200303-19",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:041",
"name" : "MDKSA-2003:041",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105171507629573&w=2",
"name" : "20030430 GLSA: balsa (200304-10)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104852190605988&w=2",
"name" : "20030322 GLSA: mutt (200303-19)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104817995421439&w=2",
"name" : "20030320 [OpenPKG-SA-2003.025] OpenPKG Security Advisory (mutt)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104818814931378&w=2",
"name" : "20030320 CORE-20030304-02: Vulnerability in Mutt Mail User Agent",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11583",
"name" : "mutt-folder-name-bo(11583)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A434",
"name" : "oval:org.mitre.oval:def:434",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2",
"name" : "oval:org.mitre.oval:def:2",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up to 1.5.3, and other programs that use Mutt code such as Balsa before 2.0.10, allows a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a crafted folder."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0141",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=311&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7177",
"name" : "7177",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0156.html",
"name" : "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/705761",
"name" : "VU#705761",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104887465427579&w=2",
"name" : "20030328 CORE-2003-0306: RealPlayer PNG deflate heap corruption vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:9.0.0.288:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:9.0.0.297:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realplayer:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0142",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/328224",
"name" : "20030708 Adobe Acrobat and PDF security: no improvements for 2 years",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/689835",
"name" : "VU#689835",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Adobe Acrobat Reader (acroread) 6, under certain circumstances when running with the \"Certified plug-ins only\" option disabled, loads plug-ins with signatures used for older versions of Acrobat, which can allow attackers to cause Acrobat to enter Certified mode and run untrusted plugins by modifying the CTIsCertifiedMode function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0143",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-259",
"name" : "DSA-259",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7058",
"name" : "7058",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_018_qpopper.html",
"name" : "SuSE-SA:2003:018",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792541215354&w=2",
"name" : "GLSA-200303-12",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104748775900481&w=2",
"name" : "20030312 Re: QPopper 4.0.x buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104768137314397&w=2",
"name" : "20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104739841223916&w=2",
"name" : "20030310 QPopper 4.0.x buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11516",
"name" : "qpopper-popmsg-macroname-bo(11516)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0144",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7025",
"name" : "7025",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch",
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-267",
"name" : "DSA-267",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-275",
"name" : "DSA-275",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P",
"name" : "20030406-02-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_014_lprold.html",
"name" : "SuSE-SA:2003:0014",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059",
"name" : "MDKSA-2003:059",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8293",
"name" : "8293",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104714441925019&w=2",
"name" : "20030308 OpenBSD lprm(1) exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104690434504429&w=2",
"name" : "20030305 potential buffer overflow in lprm (fwd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473",
"name" : "lprm-bo(11473)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lprold:lprold:3.0.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:bsd:lpr:2000-05-07:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:bsd:lpr:0.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0145",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.tcpdump.org/tcpdump-changes.txt",
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-261",
"name" : "DSA-261",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027",
"name" : "MDKSA-2003:027",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-032.html",
"name" : "RHSA-2003:032",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-151.html",
"name" : "RHSA-2003:151",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html",
"name" : "RHSA-2003:214",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11857",
"name" : "tcpdump-radius-attribute-dos(11857)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in tcpdump before 3.7.2 related to an inability to \"Handle unknown RADIUS attributes properly,\" allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0146",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-263",
"name" : "DSA-263",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-060.html",
"name" : "RHSA-2003:060",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/630433",
"name" : "VU#630433",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6979",
"name" : "6979",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000656",
"name" : "CLSA-2003:656",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104644687816522&w=2",
"name" : "20030228 NetPBM, multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11463",
"name" : "netpbm-multiple-bo(11463)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via \"maths overflow errors\" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "9.20",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0147",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html",
"name" : "20030313 OpenSSL Private Key Disclosure",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/997481",
"name" : "VU#997481",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.openssl.org/news/secadv_20030317.txt",
"name" : "http://www.openssl.org/news/secadv_20030317.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf",
"name" : "http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-288",
"name" : "DSA-288",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:035",
"name" : "MDKSA-2003:035",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-101.html",
"name" : "RHSA-2003:101",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-102.html",
"name" : "RHSA-2003:102",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I",
"name" : "20030501-01-I",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625",
"name" : "CLA-2003:625",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt",
"name" : "CSSA-2003-014.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-23.xml",
"name" : "GLSA-200303-23",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.019.html",
"name" : "OpenPKG-SA-2003.019",
"refsource" : "OPENPKG",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104819602408063&w=2",
"name" : "20030320 [OpenPKG-SA-2003.026] OpenPKG Security Advisory (openssl)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792570615648&w=2",
"name" : "20030317 [ADVISORY] Timing Attack on OpenSSL",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104829040921835&w=2",
"name" : "GLSA-200303-15",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104766550528628&w=2",
"name" : "20030313 Vulnerability in OpenSSL",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104861762028637&w=2",
"name" : "GLSA-200303-24",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A466",
"name" : "oval:org.mitre.oval:def:466",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316577/30/25310/threaded",
"name" : "IMNX-2003-7+-001-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded",
"name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms (\"Karatsuba\" and normal)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0148",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt",
"name" : "A073103-1",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in a configuration file from the ePO server using a certain request, (2) crack the password due to weak cryptography, and (3) use the password to pass commands through xp_cmdshell."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0149",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt",
"name" : "A073103-1",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0150",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7052",
"name" : "7052",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743",
"name" : "CLA-2003:743",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-303",
"name" : "DSA-303",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3046.html",
"name" : "ESA-20030324-012",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-093.html",
"name" : "RHSA-2003:093",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2003-094.html",
"name" : "RHSA-2003:094",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/203897",
"name" : "VU#203897",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:057",
"name" : "MDKSA-2003:057",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104800948128630&w=2",
"name" : "20030318 [OpenPKG-SA-2003.022] OpenPKG Security Advisory (mysql)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104802285012750&w=2",
"name" : "20030318 GLSA: mysql (200303-14)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104715840202315&w=2",
"name" : "20030308 MySQL_user_can_be_changed_to_root?",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104739810523433&w=2",
"name" : "20030310 Re: MySQL user can be changed to root",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11510",
"name" : "mysql-datadir-root-privileges(11510)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A442",
"name" : "oval:org.mitre.oval:def:442",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the \"SELECT * INFO OUTFILE\" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 8.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2019-10-07T16:41Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0151",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/en/avisos/s21sec-011-en.txt",
"name" : "http://www.s21sec.com/en/avisos/s21sec-011-en.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-28.jsp",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7122",
"name" : "7122",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7124",
"name" : "7124",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792544515384&w=2",
"name" : "20030317 S21SEC-011 - Multiple vulnerabilities in BEA WebLogic Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104792477914620&w=2",
"name" : "20030317 SPI ADVISORY: Remote Administration of BEA WebLogic Server and Express",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server and Express 6.0 through 7.0 does not properly restrict access to certain internal servlets that perform administrative functions, which allows remote attackers to read arbitrary files or execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0152",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-265",
"name" : "DSA-265",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7162",
"name" : "7162",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0153",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-265",
"name" : "DSA-265",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=187230",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=187230",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/5517",
"name" : "5517",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=102980129101054&w=2",
"name" : "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9921",
"name" : "bonsai-path-disclosure(9921)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0154",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-265",
"name" : "DSA-265",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/5516",
"name" : "5516",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163573",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163573",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=146244",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=146244",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/9920.php",
"name" : "bonsai-error-message-xss(9920)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view",
"name" : "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view",
"name" : "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=102980129101054&w=2",
"name" : "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0155",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-265",
"name" : "DSA-265",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7163",
"name" : "7163",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bonsai:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0156",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-264",
"name" : "DSA-264",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7062",
"name" : "7062",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104739747222492&w=2",
"name" : "20030311 Cross-Referencing Linux vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cross_referencer:lxr:0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0157",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0138. Reason: This candidate is a reservation duplicate of CVE-2003-0138 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0138 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0158",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-03-24T05:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0159",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00008.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7050",
"name" : "7050",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_019_ethereal.html",
"name" : "SuSE-SA:2003:019",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:051",
"name" : "MDKSA-2003:051",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104741640924709&w=2",
"name" : "20030309 GLSA: ethereal (200303-10)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A55",
"name" : "oval:org.mitre.oval:def:55",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0160",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988",
"name" : "http://sourceforge.net/mailarchive/forum.php?thread_id=1641953&forum_id=1988",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-112.html",
"name" : "RHSA-2003:112",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A614",
"name" : "oval:org.mitre.oval:def:614",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.2.11",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0161",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-12.html",
"name" : "CA-2003-12",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7230",
"name" : "7230",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-120.html",
"name" : "RHSA-2003:120",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004295.html",
"name" : "20030329 Sendmail: -1 gone wild",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/897604",
"name" : "VU#897604",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc",
"name" : "FreeBSD-SA-03:07",
"refsource" : "FREEBSD",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-121.html",
"name" : "RHSA-2003:121",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt",
"name" : "SCOSA-2004.11",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030401-01-P",
"name" : "20030401-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-016.0.txt",
"name" : "CSSA-2003-016.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-278",
"name" : "DSA-278",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-290",
"name" : "DSA-290",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000614",
"name" : "CLA-2003:614",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/321997",
"name" : "20030520 [Fwd: 127 Research and Development: 127 Day!]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-27.xml",
"name" : "GLSA-200303-27",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52620-1",
"name" : "52620",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52700-1",
"name" : "52700",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001088.1-1",
"name" : "1001088",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104896621106790&w=2",
"name" : "20030329 sendmail 8.12.9 available",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104914999806315&w=2",
"name" : "20030330 [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104897487512238&w=2",
"name" : "20030329 Sendmail: -1 gone wild",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/317135/30/25220/threaded",
"name" : "20030401 Immunix Secured OS 7+ openssl update",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316961/30/25250/threaded",
"name" : "20030331 GLSA: sendmail (200303-27)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special \"NOCHAR\" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_800:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:sis:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux_series_700:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.4:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0162",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6971",
"name" : "6971",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-271",
"name" : "DSA-271",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104673407728323&w=2",
"name" : "20030303 Re: Ecardis Password Reseting Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104636153214262&w=2",
"name" : "20030227 Ecardis Password Reseting Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11431",
"name" : "ecartis-password-reset(11431)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ecartis:ecartis:1.0.0_snapshot_2002-10-13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0163",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.rapid7.com/advisories/R7-0013.html",
"name" : "http://www.rapid7.com/advisories/R7-0013.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7182",
"name" : "7182",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105013281120352&w=2",
"name" : "20030412 R7-0013: Heap Corruption in Gaim-Encryption Plugin",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does not properly validate a message length parameter, which allows remote attackers to cause a denial of service (crash) via a negative length, which overwrites arbitrary heap memory with a zero byte."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gaim-encryption:gaim-encryption:1.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gaim-encryption:gaim-encryption:1.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gaim-encryption:gaim-encryption:1.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0165",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-128.html",
"name" : "RHSA-2003:128",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7121",
"name" : "7121",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0157.html",
"name" : "20030328 Vulnerability in GNOME's Eye of Gnome",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/363001",
"name" : "VU#363001",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=312&idxseccion=10",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:048",
"name" : "MDKSA-2003:048",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104887189724146&w=2",
"name" : "20030328 CORE-2003-0304-03: Vulnerability in GNOME's Eye of Gnome",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A52",
"name" : "oval:org.mitre.oval:def:52",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:eog:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0166",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7197",
"name" : "7197",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7198",
"name" : "7198",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691",
"name" : "CLSA-2003:691",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104878100719467&w=2",
"name" : "20030327 RE: FUD-ALARM: @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104931415307111&w=2",
"name" : "20030402 Inaccurate Reports Concerning PHP Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104869828526885&w=2",
"name" : "20030326 @(#)Mordred Labs advisory - Integer overflow in PHP memory allocator",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0167",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-274",
"name" : "DSA-274",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7229",
"name" : "7229",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-300",
"name" : "DSA-300",
"refsource" : "DEBIAN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.3.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0168",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0166.html",
"name" : "20030331 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.idefense.com/advisory/03.31.03.txt",
"name" : "http://www.idefense.com/advisory/03.31.03.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00027.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00027.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/112553",
"name" : "VU#112553",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7247",
"name" : "7247",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/10561",
"name" : "10561",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11671",
"name" : "quicktime-url-bo(11671)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/317148/30/25220/threaded",
"name" : "20030401 iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/317141/30/25220/threaded",
"name" : "20030401 Fwd: QuickTime 6.1 for Windows is available",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0169",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0164.html",
"name" : "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7246",
"name" : "7246",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104914959705949&w=2",
"name" : "20030331 [DDI-1012] Malformed request causes denial of service in HP Instant TopTools",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:instant_toptools:5.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-11T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0170",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY42424",
"name" : "IY42424",
"refsource" : "AIXAPAR",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7346",
"name" : "7346",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0469.1",
"name" : "MSS-OAR-E01-2003.0469.1",
"refsource" : "IBM",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4878",
"name" : "4878",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11823",
"name" : "aix-ftpd-gain-access(11823)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0171",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a041003-1.txt",
"name" : "A041003-1",
"refsource" : "ATSTAKE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0172",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7210",
"name" : "7210",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316583",
"name" : "20030327 Re: @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/385238",
"name" : "20041222 PHP v4.3.x exploit for Windows.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2113",
"name" : "2113",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104878149020152&w=2",
"name" : "20030327 @(#)Mordred Labs advisory - PHP for Win32: buffer overflow in openlog() function",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104931415307111&w=2",
"name" : "20030402 Inaccurate Reports Concerning PHP Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11637",
"name" : "php-openlog-stack-bo(11637)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0173",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030404-01-P",
"name" : "20030404-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-283",
"name" : "DSA-283",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/111673",
"name" : "VU#111673",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:047",
"name" : "MDKSA-2003:047",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "xfsdq in xfsdump does not create quota information files securely, which allows local users to gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfsdump:xfsdump:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0174",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P",
"name" : "20030407-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7442",
"name" : "7442",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-084.shtml",
"name" : "N-084",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11860",
"name" : "irix-ldap-authentication-bypass(11860)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0175",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/142228",
"name" : "VU#142228",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7868",
"name" : "7868",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030603-01-P",
"name" : "20030603-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securitytracker.com/id?1008770",
"name" : "1008770",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12241",
"name" : "irix-piocswatch-ioctl-dos(12241)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0176",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P",
"name" : "20030701-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Name Service Daemon (nsd), when running on an NIS master on SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via a UDP port scan."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0177",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P",
"name" : "20030701-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does not follow \"-\" entries in the /etc/group file, which may cause subsequent group membership entries to be processed inadvertently."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0178",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/772817",
"name" : "VU#772817",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6871",
"name" : "6871",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt",
"name" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt",
"name" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-11.html",
"name" : "CA-2003-11",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/206361",
"name" : "VU#206361",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/542873",
"name" : "VU#542873",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml",
"name" : "N-065",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6870",
"name" : "6870",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html",
"name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html",
"name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html",
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2",
"name" : "20030217 Domino Advisories UPDATE",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550063431461&w=2",
"name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550063431463&w=2",
"name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104558777531350&w=2",
"name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2",
"name" : "20030217 Domino Advisories UPDATE",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104558777331345&w=2",
"name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11337",
"name" : "lotus-domino-hostname-bo(11337)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11336",
"name" : "lotus-domino-inotes-bo(11336)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0179",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/571297",
"name" : "VU#571297",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6872",
"name" : "6872",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html",
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt",
"name" : "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104543",
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104543",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-11.html",
"name" : "CA-2003-11",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml",
"name" : "N-065",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2",
"name" : "20030217 Domino Advisories UPDATE",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2",
"name" : "20030217 Domino Advisories UPDATE",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104550124032513&w=2",
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=104558778131373&w=2",
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11339",
"name" : "lotus-notes-activex-bo(11339)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_notes_client:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0180",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nextgenss.com/advisories/lotus-60dos.txt",
"name" : "http://www.nextgenss.com/advisories/lotus-60dos.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-11.html",
"name" : "CA-2003-11",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/355169",
"name" : "VU#355169",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "US Government Resource", "Third Party Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html",
"name" : "20030218 More Lotus Domino Advisories",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528",
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml",
"name" : "N-065",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6951",
"name" : "6951",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11360",
"name" : "lotus-incomplete-post-dos(11360)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0181",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nextgenss.com/advisories/lotus-60dos.txt",
"name" : "http://www.nextgenss.com/advisories/lotus-60dos.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-11.html",
"name" : "CA-2003-11",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0086.html",
"name" : "20030218 More Lotus Domino Advisories",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528",
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104528",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6951",
"name" : "6951",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11361",
"name" : "lotus-invalid-field-dos(11361)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a \"Fictionary Value Field POST request\" as demonstrated using the s_Validation form with a long, unknown parameter name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:lotus_domino_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0187",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105986028426824&w=2",
"name" : "20030802 [SECURITY] Netfilter Security Advisory: Conntrack list_del() DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A260",
"name" : "oval:org.mitre.oval:def:260",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0188",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-169.html",
"name" : "RHSA-2003:169",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-304",
"name" : "DSA-304",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-167.html",
"name" : "RHSA-2003:167",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-35.txt",
"name" : "TLSA-2003-35",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A430",
"name" : "oval:org.mitre.oval:def:430",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-9:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lv:lv:4.49.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-3:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:lv:4.49.4-7:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0189",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.apache.org/dist/httpd/Announcement2.html",
"name" : "http://www.apache.org/dist/httpd/Announcement2.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-186.html",
"name" : "RHSA-2003:186",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/479268",
"name" : "VU#479268",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7725",
"name" : "7725",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8881",
"name" : "8881",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661",
"name" : "CLA-2003:661",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105418115512559&w=2",
"name" : "20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12091",
"name" : "apache-aprpasswordvalidate-dos(12091)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the crypt_r or crypt functions, which allows remote attackers to cause a denial of service (failed Basic authentication with valid usernames and passwords) when a threaded MPM is used."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0190",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7467",
"name" : "7467",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html",
"name" : "20030430 OpenSSH/PAM timing attack allows remote users identification",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lab.mediaservice.net/advisory/2003-01-openssh.txt",
"name" : "http://lab.mediaservice.net/advisory/2003-01-openssh.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-222.html",
"name" : "RHSA-2003:222",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-224.html",
"name" : "RHSA-2003:224",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-31.txt",
"name" : "TLSA-2003-31",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105172058404810&w=2",
"name" : "20030430 OpenSSH/PAM timing attack allows remote users identification",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106018677302607&w=2",
"name" : "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445",
"name" : "oval:org.mitre.oval:def:445",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0192",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html",
"name" : "RHSA-2003:240",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-243.html",
"name" : "RHSA-2003:243",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt",
"name" : "SCOSA-2004.6",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-244.html",
"name" : "RHSA-2003:244",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075",
"name" : "MDKSA-2003:075",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2",
"name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A169",
"name" : "oval:org.mitre.oval:def:169",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0193",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-575",
"name" : "DSA-575",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/11560",
"name" : "11560",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/11193",
"name" : "11193",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/13021/",
"name" : "13021",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/13022/",
"name" : "13022",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16335",
"name" : "catdoc-xlsview-symlink(16335)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (\"word$$.html\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:catdoc:catdoc:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.91",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0194",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-174.html",
"name" : "RHSA-2003:174",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-151.html",
"name" : "RHSA-2003:151",
"refsource" : "REDHAT",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "tcpdump does not properly drop privileges to the pcap user when starting up."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.3-3:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.7.2-1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.4-39:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.2-9:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.2-12:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:3.6.2-9:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0195",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-171.html",
"name" : "RHSA-2003:171",
"refsource" : "REDHAT",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-317",
"name" : "DSA-317",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_028.html",
"name" : "SuSE-SA:2003:028",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-33.txt",
"name" : "TLSA-2003-33",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000678",
"name" : "CLSA-2003:678",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7637",
"name" : "7637",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:062",
"name" : "MDKSA-2003:062",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105427288724449&w=2",
"name" : "20030529 [slackware-security] CUPS DoS vulnerability fixed (SSA:2003-149-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6",
"name" : "oval:org.mitre.oval:def:6",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0196",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-280",
"name" : "DSA-280",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-137.html",
"name" : "RHSA-2003:137",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044",
"name" : "MDKSA-2003:044",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104973186901597&w=2",
"name" : "20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104974612519064&w=2",
"name" : "20030407 Immunix Secured OS 7+ samba update",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564",
"name" : "oval:org.mitre.oval:def:564",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0197",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt",
"name" : "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html",
"name" : "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104940730819887&w=2",
"name" : "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-11T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0198",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0199",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0200",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0201",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-280",
"name" : "DSA-280",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7294",
"name" : "7294",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.digitaldefense.net/labs/advisories/DDI-1013.txt",
"name" : "http://www.digitaldefense.net/labs/advisories/DDI-1013.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_025_samba.html",
"name" : "SuSE-SA:2003:025",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-137.html",
"name" : "RHSA-2003:137",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030403-01-P",
"name" : "20030403-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/267873",
"name" : "VU#267873",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000624",
"name" : "CLA-2003:624",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044",
"name" : "MDKSA-2003:044",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104972664226781&w=2",
"name" : "20030407 [DDI-1013] Buffer Overflow in Samba allows remote root compromise",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104974612519064&w=2",
"name" : "20030407 Immunix Secured OS 7+ samba update",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104994564212488&w=2",
"name" : "20030409 GLSA: samba (200304-02)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104981682014565&w=2",
"name" : "20030408 [Sorcerer-spells] SAMBA--SORCERER2003-04-08",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A567",
"name" : "oval:org.mitre.oval:def:567",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2163",
"name" : "oval:org.mitre.oval:def:2163",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba-tng:samba-tng:0.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d_pk9_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:x86_update_2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.09.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.05:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.07:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:cifs-9000_server:a.01.08.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0202",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-279",
"name" : "DSA-279",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7293",
"name" : "7293",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11734",
"name" : "metrics-tmpfile-symlink(11734)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brian_renaud:metrics:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0203",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6921",
"name" : "6921",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-281",
"name" : "DSA-281",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8136",
"name" : "8136",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-02/0338.html",
"name" : "20030223 moxftp arbitrary code execution poc/advisory",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006156",
"name" : "1006156",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104610380126860&w=2",
"name" : "20030223 moxftp arbitrary code execution poc/advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11399",
"name" : "moxftp-welcome-banner-bo(11399)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP servers to execute arbitrary code via a long FTP banner."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:moxftp:moxftp:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xftp:xftp:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-11T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0204",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kde.org/info/security/advisory-20030409-1.txt",
"name" : "http://www.kde.org/info/security/advisory-20030409-1.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-284",
"name" : "DSA-284",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugs.kde.org/show_bug.cgi?id=56808",
"name" : "http://bugs.kde.org/show_bug.cgi?id=56808",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://bugs.kde.org/show_bug.cgi?id=53343",
"name" : "http://bugs.kde.org/show_bug.cgi?id=53343",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-293",
"name" : "DSA-293",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-296",
"name" : "DSA-296",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-002.html",
"name" : "RHSA-2003:002",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668",
"name" : "CLA-2003:668",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747",
"name" : "CLA-2003:747",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:049",
"name" : "MDKSA-2003:049",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105017403010459&w=2",
"name" : "20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105012994719099&w=2",
"name" : "20030411 GLSA: kde-2.x (200304-05)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105034222521369&w=2",
"name" : "20030414 GLSA: kde-2.x (200304-05.1)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105001557020141&w=2",
"name" : "20030410 GLSA: kde-3.x (200304-04)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview Ghostscript viewer."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0205",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-294",
"name" : "DSA-294",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105111327000755&w=2",
"name" : "20030423 Security problems in gkrellm-newsticker",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gkrellm_newsticker:gkrellm_newsticker:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0206",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-294",
"name" : "DSA-294",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105111327000755&w=2",
"name" : "20030423 Security problems in gkrellm-newsticker",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gkrellm_newsticker:gkrellm_newsticker:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0207",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-286",
"name" : "DSA-286",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gs-common:gs-common:0.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0208",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/securitynews/5XP0B0U9PE.html",
"name" : "http://www.securiteam.com/securitynews/5XP0B0U9PE.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm",
"name" : "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html",
"name" : "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105033712615013&w=2",
"name" : "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0209",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/139129",
"name" : "VU#139129",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7178",
"name" : "7178",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-297",
"name" : "DSA-297",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-13.html",
"name" : "CA-2003-13",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:052",
"name" : "MDKSA-2003:052",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105154530427824&w=2",
"name" : "20030428 GLSA: snort (200304-06)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105043563016235&w=2",
"name" : "20030415 CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105111217731583&w=2",
"name" : "20030423 Snort <=1.9.1 exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105172790914107&w=2",
"name" : "ESA-20030430-013",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105103586927007&w=2",
"name" : "20030422 GLSA: snort (200304-05)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:smoothwall:smoothwall:2.0_beta_4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sourcefire:snort:1.8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0210",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml",
"name" : "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/697049",
"name" : "VU#697049",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105120066126196&w=2",
"name" : "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105118056332344&w=2",
"name" : "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:secure_access_control_server:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0211",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=88537",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-160.html",
"name" : "RHSA-2003:160",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782",
"name" : "CLA-2003:782",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:056",
"name" : "MDKSA-2003:056",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105068673220605&w=2",
"name" : "20030418 Xinetd 2.3.10 Memory Leaks",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A657",
"name" : "oval:org.mitre.oval:def:657",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xinetd:xinetd:2.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-05T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0212",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-289",
"name" : "DSA-289",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105059298502830&w=2",
"name" : "20030417 Vulnerability in rinetd",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "handleAccept in rinetd before 0.62 does not properly resize the connection list when it becomes full and sets an array index incorrectly, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of connections."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rinetd:rinetd:0.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rinetd:rinetd:0.61:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0213",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/317995",
"name" : "20030409 PoPToP PPTP server remotely exploitable buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-295",
"name" : "DSA-295",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7316",
"name" : "7316",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_029.html",
"name" : "SuSE-SA:2003:029",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/673993",
"name" : "VU#673993",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/319428",
"name" : "20030422 Re: Exploit for PoPToP PPTP server - Linux version",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=138437",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=138437",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105068728421160&w=2",
"name" : "20030418 Exploit for PoPToP PPTP server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105154539727967&w=2",
"name" : "20030428 GLSA: pptpd (200304-08)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.3_2002-10-09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0214",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-292",
"name" : "DSA-292",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:mime-support:3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0215",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812",
"name" : "http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1006632",
"name" : "1006632",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105120052725940&w=2",
"name" : "20030424 SQL injection in BttlxeForum",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:battleaxe_software:bttlxeforum:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0_beta_3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0216",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
}, {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030424-catos.shtml.",
"name" : "20030424 Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability",
"refsource" : "CISCO",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/443257",
"name" : "VU#443257",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:7.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0217",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105283833617480&w=2",
"name" : "20030513 XSS In Neoteris IVE Allows Session Hijacking",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual Extranet (IVE) 3.01 and earlier allows remote attackers to insert arbitrary web script and bypass authentication via a certain CGI script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:neoteris:instant_virtual_extranet:3.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0218",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0029.html",
"name" : "20030420 Monkey HTTPd Remote Buffer Overflow",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7202",
"name" : "7202",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://monkeyd.sourceforge.net/Changelog.txt",
"name" : "http://monkeyd.sourceforge.net/Changelog.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105094204204166&w=2",
"name" : "20030420 Monkey HTTPd Remote Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105154473526898&w=2",
"name" : "20030428 GLSA: monkeyd (200304-07.1)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monkeyd) 0.6.1 and earlier allows remote attackers to execute arbitrary code via a POST request with a large body."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.6.1",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2020-03-26T14:23Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0219",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/641012",
"name" : "VU#641012",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7179",
"name" : "7179",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105155734411836&w=2",
"name" : "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute administrator commands by sniffing packets from a valid session and replaying them against the remote administration server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0220",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/454716",
"name" : "VU#454716",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7180",
"name" : "7180",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105155734411836&w=2",
"name" : "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall_2:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2016-10-18T02:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0221",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ciac.org/ciac/bulletins/n-086.shtml",
"name" : "SSRT3471",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7452",
"name" : "7452",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11892",
"name" : "tru64-dupatch-setld-symlink(11892)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and earlier allows local users to overwrite files and possibly gain root privileges via a symlink attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:*:pk1:*:*:*:*:*:*",
"versionEndIncluding" : "5.1b",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0222",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7453",
"name" : "7453",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-085.shtml",
"name" : "N-085",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105162831008176&w=2",
"name" : "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105163376015735&w=2",
"name" : "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885",
"name" : "oracle-database-link-bo(11885)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.0x:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1x:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:8.0.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 8.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0223",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66",
"name" : "oval:org.mitre.oval:def:66",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018",
"name" : "MS03-018",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2020-11-23T19:49Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0224",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=ntbugtraq&m=105431767100944&w=2",
"name" : "20030530 NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A483",
"name" : "oval:org.mitre.oval:def:483",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018",
"name" : "MS03-018",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka \"Server Side Include Web Pages Buffer Overrun.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0225",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.aqtronix.com/Advisories/AQ-2003-01.txt",
"name" : "http://www.aqtronix.com/Advisories/AQ-2003-01.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105110606122772&w=2",
"name" : "20030418 Microsoft Active Server Pages DoS",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A373",
"name" : "oval:org.mitre.oval:def:373",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018",
"name" : "MS03-018",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory consumption) with an ASP page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0226",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0308.html",
"name" : "20030528 Internet Information Services 5.0 Denial of service",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.spidynamics.com/iis_alert.html",
"name" : "http://www.spidynamics.com/iis_alert.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105427362724860&w=2",
"name" : "20030529 IIS WEBDAV Denial of Service attacks",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105421243732552&w=2",
"name" : "20030528 Internet Information Services 5.0 Denial of service",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A933",
"name" : "oval:org.mitre.oval:def:933",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018",
"name" : "MS03-018",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remote attackers to cause a denial of service via a long WebDAV request with a (1) PROPFIND or (2) SEARCH method, which generates an error condition that is not properly handled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2020-11-23T19:49Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0227",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=ntbugtraq&m=105421127531558&w=2",
"name" : "20030528 Re: Alert: MS03-019, Microsoft... wrong, again.",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105427615626177&w=2",
"name" : "20030528 RE: Alert: MS03-019, Microsoft... wrong, again.",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105421176432011&w=2",
"name" : "20030528 MS03-019: DoS or Code of Choice",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Issue Tracking", "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966",
"name" : "oval:org.mitre.oval:def:966",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936",
"name" : "oval:org.mitre.oval:def:936",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-019",
"name" : "MS03-019",
"refsource" : "MS",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2020-11-13T16:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0228",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7517",
"name" : "7517",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/384932",
"name" : "VU#384932",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105240528419389&w=2",
"name" : "20030508 why i love xs4all + mediaplayer thingie",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105232913516488&w=2",
"name" : "20030507 Windows Media Player directory traversal vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105233960728901&w=2",
"name" : "20030507 Windows Media Player directory traversal vulnerability",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11953",
"name" : "mediaplayer-skin-code-execution(11953)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A321",
"name" : "oval:org.mitre.oval:def:321",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-017",
"name" : "MS03-017",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0230",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/556356",
"name" : "VU#556356",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A235",
"name" : "oval:org.mitre.oval:def:235",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031",
"name" : "MS03-031",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the \"Named Pipe Hijacking\" vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0231",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a072303-2.txt",
"name" : "A072303-2",
"refsource" : "ATSTAKE",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/918652",
"name" : "VU#918652",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299",
"name" : "oval:org.mitre.oval:def:299",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031",
"name" : "MS03-031",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0232",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a072303-3.txt",
"name" : "A072303-3",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/584868",
"name" : "VU#584868",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A303",
"name" : "oval:org.mitre.oval:def:303",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031",
"name" : "MS03-031",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_engine:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:*:desktop_engine:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:2000:sp3a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sql_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0233",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11854.php",
"name" : "ie-plugin-load-bo(11854)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105120164927952&w=2",
"name" : "20030424 Internet Explorer Plugin.ocx heap overflow (#NISR24042003)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1094",
"name" : "oval:org.mitre.oval:def:1094",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-015",
"name" : "MS03-015",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load() method, a different vulnerability than CVE-2003-0115."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-12T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0235",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7461",
"name" : "7461",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11938",
"name" : "icq-pop3-format-string(11938)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a allows remote malicious servers to execute arbitrary code via format strings in the response to a UIDL command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0236",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7462",
"name" : "7462",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7463",
"name" : "7463",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11939",
"name" : "icq-pop3-email-bo(11939)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 2003a allow remote attackers to execute arbitrary code via the (1) Subject or (2) Date headers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0237",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7464",
"name" : "7464",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11944",
"name" : "icq-features-no-auth(11944)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The \"ICQ Features on Demand\" functionality for Mirabilis ICQ Pro 2003a does not properly verify the authenticity of software upgrades, which allows remote attackers to install arbitrary software via a spoofing attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0238",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7465",
"name" : "7465",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11947",
"name" : "icq-table-tag-dos(11947)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Message Session window in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service (CPU consumption) by spoofing the address of an ADS server and sending HTML with a -1 width in a table tag."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0239",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7466",
"name" : "7466",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0051.html",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105216842131995&w=2",
"name" : "20030505 CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11948",
"name" : "icq-gif89a-header-dos(11948)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a allows remote attackers to cause a denial of service via malformed GIF89a headers that do not contain a GCT (Global Color Table) or an LCT (Local Color Table) after an Image Descriptor."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3727:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3659:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2002a_build3722:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2000.0b_build3278:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3636:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2001b_build3638:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.21build1800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:99a_2.15build1701:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0240",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/799060",
"name" : "VU#799060",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7652",
"name" : "7652",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006854",
"name" : "1006854",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8876",
"name" : "8876",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=329&idxseccion=10",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4804",
"name" : "4804",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105406374731579&w=2",
"name" : "20030527 CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12104",
"name" : "axis-admin-authentication-bypass(12104)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The web-based administration capability for various Axis Network Camera products allows remote attackers to bypass access restrictions and modify configuration via an HTTP request to the admin/admin.shtml containing a leading // (double slash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2110_network_camera:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2120_network_camera:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2100_network_camera:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:250s_video_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.02",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2130_ptz_network_camera:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2420_network_camera:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.32",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2460_network_dvr:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.00",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0241",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.html",
"name" : "20030528 SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secnap.net/security/gm001.html",
"name" : "http://www.secnap.net/security/gm001.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:frontrange:goldmine:5.70:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:frontrange:goldmine:6.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0242",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/869548",
"name" : "VU#869548",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7628",
"name" : "7628",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://securitytracker.com/id?1006796",
"name" : "1006796",
"refsource" : "SECTRACK",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://secunia.com/advisories/8798",
"name" : "8798",
"refsource" : "SECUNIA",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12027",
"name" : "macos-ipsec-acl-bypass(12027)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndExcluding" : "10.2.6",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2020-12-09T15:06Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0243",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0058.html",
"name" : "20030507 Happymall E-Commerce Remote Command Execution",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006707",
"name" : "1006707",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0244",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-145.html",
"name" : "RHSA-2003:145",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-311",
"name" : "DSA-311",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0073.html",
"name" : "20030517 Algorithmic Complexity Attacks and the Linux Networking Code",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html",
"name" : "http://www.enyo.de/fw/security/notes/linux-dst-cache-dos.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-147.html",
"name" : "RHSA-2003:147",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-172.html",
"name" : "RHSA-2003:172",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-312",
"name" : "DSA-312",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-332",
"name" : "DSA-332",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-336",
"name" : "DSA-336",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7601",
"name" : "7601",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.secunia.com/advisories/8786/",
"name" : "8786",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066",
"name" : "MDKSA-2003:066",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074",
"name" : "MDKSA-2003:074",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=linux-kernel&m=104956079213417",
"name" : "http://marc.info/?l=linux-kernel&m=104956079213417",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105595901923063&w=2",
"name" : "20030618 [slackware-security] 2.4.21 kernels available (SSA:2003-168-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2",
"name" : "ESA-20030515-017",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15382",
"name" : "data-algorithmic-complexity-dos(15382)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A261",
"name" : "oval:org.mitre.oval:def:261",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0245",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.apache.org/dist/httpd/Announcement2.html",
"name" : "http://www.apache.org/dist/httpd/Announcement2.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-186.html",
"name" : "RHSA-2003:186",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/757612",
"name" : "VU#757612",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0095.html",
"name" : "20030530 iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.idefense.com/advisory/05.30.03.txt",
"name" : "http://www.idefense.com/advisory/05.30.03.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7723",
"name" : "7723",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000661",
"name" : "CLA-2003:661",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:063",
"name" : "MDKSA-2003:063",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105418115512559&w=2",
"name" : "20030528 [SECURITY] [ANNOUNCE] Apache 2.0.46 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12090",
"name" : "apache-aprpsprintf-code-execution(12090)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0246",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-172.html",
"name" : "RHSA-2003:172",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-311",
"name" : "DSA-311",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-147.html",
"name" : "RHSA-2003:147",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-312",
"name" : "DSA-312",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-332",
"name" : "DSA-332",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-336",
"name" : "DSA-336",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt",
"name" : "TLSA-2003-41",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0076.html",
"name" : "20030520 Linux 2.4 kernel ioperm vuln",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066",
"name" : "MDKSA-2003:066",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074",
"name" : "MDKSA-2003:074",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105301461726555&w=2",
"name" : "ESA-20030515-017",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A278",
"name" : "oval:org.mitre.oval:def:278",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The ioperm system call in Linux kernel 2.4.20 and earlier does not properly restrict privileges, which allows local users to gain read or write access to certain I/O ports."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.65:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.59:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.58:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.66:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.54:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.68:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.62:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.51:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.67:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.60:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.61:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.69:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.64:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.56:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.55:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.57:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.63:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.49:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0247",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html",
"name" : "RHSA-2003:187",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-311",
"name" : "DSA-311",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html",
"name" : "RHSA-2003:195",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-312",
"name" : "DSA-312",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-332",
"name" : "DSA-332",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-336",
"name" : "DSA-336",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt",
"name" : "TLSA-2003-41",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066",
"name" : "MDKSA-2003:066",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074",
"name" : "MDKSA-2003:074",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A284",
"name" : "oval:org.mitre.oval:def:284",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows attackers to cause a denial of service (\"kernel oops\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0248",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html",
"name" : "RHSA-2003:187",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-311",
"name" : "DSA-311",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html",
"name" : "RHSA-2003:195",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-312",
"name" : "DSA-312",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-332",
"name" : "DSA-332",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-336",
"name" : "DSA-336",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt",
"name" : "TLSA-2003-41",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:066",
"name" : "MDKSA-2003:066",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074",
"name" : "MDKSA-2003:074",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A292",
"name" : "oval:org.mitre.oval:def:292",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU state registers via a malformed address."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0249",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=97",
"name" : "20030625 PHP/Apache .htaccess Authentication Bypass Vulnerability",
"refsource" : "IDEFENSE",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** DISPUTED ** PHP treats unknown methods such as \"PoSt\" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying \"It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0251",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-173.html",
"name" : "RHSA-2003:173",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55600&zone_32=category%3Asecurity",
"name" : "55600",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-43.txt",
"name" : "TLSA-2003-43",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8031",
"name" : "8031",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1016517",
"name" : "1016517",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/21112",
"name" : "21112",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-201.html",
"name" : "RHSA-2003:201",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:072",
"name" : "MDKSA-2003:072",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2006/2873",
"name" : "ADV-2006-2873",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A667",
"name" : "oval:org.mitre.oval:def:667",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/440454/100/0/threaded",
"name" : "HPSBTU02132",
"refsource" : "HP",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ypserv NIS server before 2.7 allows remote attackers to cause a denial of service via a TCP client request that does not respond to the server, which causes ypserv to block."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nis:ypserv_nis_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0252",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.html",
"name" : "20030714 Linux nfs-utils xlog() off-by-one bug",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.html",
"name" : "20030714 Reality of the rpc.mountd bug",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt",
"name" : "http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-349",
"name" : "DSA-349",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-206.html",
"name" : "RHSA-2003:206",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-207.html",
"name" : "RHSA-2003:207",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.html",
"name" : "SuSE-SA:2003:031",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-44.txt",
"name" : "TLSA-2003-44",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/258564",
"name" : "VU#258564",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8179",
"name" : "8179",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007187",
"name" : "1007187",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9259",
"name" : "9259",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:076",
"name" : "MDKSA-2003:076",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1",
"name" : "1001262",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105839032403325&w=2",
"name" : "20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105830921519513&w=2",
"name" : "20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105820223707191&w=2",
"name" : "20030714 Linux nfs-utils xlog() off-by-one bug",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12600",
"name" : "nfs-utils-offbyone-bo(12600)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A443",
"name" : "oval:org.mitre.oval:def:443",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Off-by-one error in the xlog function of mountd in the Linux NFS utils package (nfs-utils) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain RPC requests to mountd that do not contain newlines."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nfs:nfs-utils:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0253",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html",
"name" : "RHSA-2003:240",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075",
"name" : "MDKSA-2003:075",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2",
"name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A173",
"name" : "oval:org.mitre.oval:def:173",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0254",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html",
"name" : "RHSA-2003:240",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075",
"name" : "MDKSA-2003:075",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2",
"name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A183",
"name" : "oval:org.mitre.oval:def:183",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers to cause a denial of service (CPU consumption by infinite loop) when the FTP proxy server fails to create an IPv6 socket."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0255",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-175.html",
"name" : "RHSA-2003:175",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-176.html",
"name" : "RHSA-2003:176",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/397604",
"name" : "VU#397604",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7497",
"name" : "7497",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4947",
"name" : "4947",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-34.txt",
"name" : "TLSA200334",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694",
"name" : "CLA-2003:694",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html",
"name" : "20030515-016",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061",
"name" : "MDKSA-2003:061",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105301357425157&w=2",
"name" : "ESA-20030515-016",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105311804129104&w=2",
"name" : "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105215110111174&w=2",
"name" : "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105362224514081&w=2",
"name" : "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930",
"name" : "gnupg-invalid-key-acceptance(11930)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135",
"name" : "oval:org.mitre.oval:def:135",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.2.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0256",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000665",
"name" : "CLA-2003:665",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2",
"name" : "http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:055",
"name" : "MDKSA-2003:055",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:kopete:0.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0257",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.0660.1",
"name" : "MSS-OAR-E01-2003:0660.1",
"refsource" : "IBM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12000",
"name" : "aix-print-format-string(12000)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0258",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml",
"name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/727780",
"name" : "VU#727780",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11954",
"name" : "cisco-vpn-unauth-access(11954)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3005_concentrator_software:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0259",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml",
"name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/317348",
"name" : "VU#317348",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11955",
"name" : "cisco-vpn-ssh-dos(11955)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7.d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0260",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030507-vpn3k.shtml",
"name" : "20030507 Cisco VPN 3000 Concentrator Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/221164",
"name" : "VU#221164",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11956",
"name" : "cisco-vpn-icmp-dos(11956)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3060_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3080_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5\\(rel\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3015_concentrator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:vpn_3030_concentator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1\\(rel\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:2.5.2.a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.3.b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:vpn_3000_concentrator_series_software:3.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:vpn_3002_hardware_client:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0261",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-302",
"name" : "DSA-302",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fuzz:fuzz:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.6",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0262",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-299",
"name" : "DSA-299",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7505",
"name" : "7505",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11945",
"name" : "kataxwr-gain-privileges(11945)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leksbot:leksbot:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0263",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7506",
"name" : "7506",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7508",
"name" : "7508",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0052.html",
"name" : "20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105223471822836&w=2",
"name" : "20030506 Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11951",
"name" : "ftgate-mailfrom-rcptto-bo(11951)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGatePro) 1.22 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:floosietek:ftgatepro:1.22_1328:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0264",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nextgenss.com/advisories/slmail-vulns.txt",
"name" : "http://www.nextgenss.com/advisories/slmail-vulns.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105232506011335&w=2",
"name" : "20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105233360321895&w=2",
"name" : "20030507 Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://packetstormsecurity.com/files/161526/SLMail-5.1.0.4420-Remote-Code-Execution.html",
"name" : "http://packetstormsecurity.com/files/161526/SLMail-5.1.0.4420-Remote-Code-Execution.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:seattle_lab_software:slmail:5.1.0.4420:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2021-02-24T17:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0265",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7421",
"name" : "7421",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105232424810097&w=2",
"name" : "20030507 SAP database local root vulnerability during installation. (fwd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Race condition in SDBINST for SAP database 7.3.0.29 creates critical files with world-writable permissions before initializing the setuid bits, which allows local attackers to gain root privileges by modifying the files before the permissions are changed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.4.3.7_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.3.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.2
},
"severity" : "MEDIUM",
"exploitabilityScore" : 1.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0266",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
"name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2",
"name" : "20030507 Multiple Vulnerabilities in SLWebmail",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2",
"name" : "20030507 Multiple Vulnerabilities in SLWebmail",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bvrp_software:slwebmail:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0267",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
"name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2",
"name" : "20030507 Multiple Vulnerabilities in SLWebmail",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2",
"name" : "20030507 Multiple Vulnerabilities in SLWebmail",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attackers to read arbitrary files by directly calling ShowGodLog.dll with an argument specifying the full path of the target file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bvrp_software:slwebmail:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0268",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
"name" : "http://www.nextgenss.com/advisories/slwebmail-vulns.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105233363721919&w=2",
"name" : "20030507 Multiple Vulnerabilities in SLWebmail",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105232436210273&w=2",
"name" : "20030507 Multiple Vulnerabilities in SLWebmail",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SLWebMail 3 on Windows systems allows remote attackers to identify the full path of the server via invalid requests to DLLs such as WebMailReq.dll, which reveals the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bvrp_software:slwebmail:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0269",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7503",
"name" : "7503",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0053.html",
"name" : "20030506 youbin local root exploit + advisory",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004892.html",
"name" : "20030506 youbin local root exploit + advisory",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105223947528794&w=2",
"name" : "20030506 youbin local root exploit + advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11949",
"name" : "youbin-home-bo(11949)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in youbin allows local users to gain privileges via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:youbin:youbin:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:youbin:youbin:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:youbin:youbin:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0270",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a051203-1.txt",
"name" : "A051203-1",
"refsource" : "ATSTAKE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7554",
"name" : "7554",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1006742",
"name" : "1006742",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8773",
"name" : "8773",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11980",
"name" : "airport-auth-credentials-disclosure(11980)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The administration capability for Apple AirPort 802.11 wireless access point devices uses weak encryption (XOR with a fixed key) for protecting authentication credentials, which could allow remote attackers to obtain administrative access via sniffing when the capability is available via Ethernet or non-WEP connections."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:apple:802.11n:7.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0271",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/316958",
"name" : "20030331 Personal FTP Server",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://security.nnov.ru/search/document.asp?docid=4309",
"name" : "http://security.nnov.ru/search/document.asp?docid=4309",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105240469318622&w=2",
"name" : "20030508 Remote Stack Overflow exploit for Personal FTPD",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Personal FTP Server allows remote attackers to execute arbitrary code via a long USER argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cooolsoft:personal_ftp_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0272",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.frog-man.org/tutos/miniPortail.txt",
"name" : "http://www.frog-man.org/tutos/miniPortail.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105240907024660&w=2",
"name" : "20030508 miniPortail (PHP) : Admin Access",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "admin.php in miniPortail allows remote attackers to gain administrative privileges by setting the miniPortailAdmin cookie to an \"adminok\" value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:miniportal:miniportal:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0273",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html",
"name" : "http://lists.fsck.com/pipermail/rt-announce/2003-May/000071.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105240947225275&w=2",
"name" : "20030508 Fw: [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the web interface for Request Tracker (RT) 1.0 through 1.0.7 allows remote attackers to execute script via message bodies."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:best_practical_solutions:request_tracker:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0274",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105241224228693&w=2",
"name" : "20030508 SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cren:listproc:8.2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0275",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105249980809988&w=2",
"name" : "20030509 II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary PHP code by modifying the sourcedir parameter to reference a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:yabb:yabb:1.5.2:*:second_edition:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0276",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7555",
"name" : "7555",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105275789410250&w=2",
"name" : "20030512 Unix Version of the Pi3web DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105155818012718&w=2",
"name" : "20030428 Pi3Web 2.0.1 DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11889",
"name" : "pi3web-get-request-bo(11889)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pi3:pi3web:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0277",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7559",
"name" : "7559",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105276130814262&w=2",
"name" : "20030512 One more flaw in Happymall",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11987",
"name" : "happymall-dotdot-directory-traversal(11987)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:happycgi:happymall:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0278",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7557",
"name" : "7557",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105276130814262&w=2",
"name" : "20030512 One more flaw in Happymall",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11988",
"name" : "happymall-normalhtml-xss(11988)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to insert arbitrary web script via the file parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:happycgi.com:happymall:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:happycgi.com:happymall:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0279",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7558",
"name" : "7558",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html",
"name" : "20030513 More and More SQL injection on PHP-Nuke 6.5.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7588",
"name" : "7588",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105276019312980&w=2",
"name" : "20030512 Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984",
"name" : "phpnuke-web-sql-injection(11984)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0280",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0062.html",
"name" : "20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7547",
"name" : "7547",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7548",
"name" : "7548",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105258772101349&w=2",
"name" : "20030510 Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11975",
"name" : "cmailserver-smtp-bo(11975)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4.0.2003.03.27 allow remote attackers to execute arbitrary code via long (1) MAIL FROM or (2) RCPT TO commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:youngzsoft:cmailserver:4.0.2003.23.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0281",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://seclists.org/lists/bugtraq/2002/Jun/0212.html",
"name" : "20020617 Interbase 6.0 malloc() issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200405-18.xml",
"name" : "GLSA-200405-18",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7546",
"name" : "7546",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8758",
"name" : "8758",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105259012802997&w=2",
"name" : "20030509 Firebird Local exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977",
"name" : "firebird-interbase-bo(11977)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0282",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7550",
"name" : "7550",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-199.html",
"name" : "RHSA-2003:199",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-200.html",
"name" : "RHSA-2003:200",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01",
"name" : "IMNX-2003-7+-017-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-344",
"name" : "DSA-344",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-42.txt",
"name" : "TLSA-2003-42",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-111.shtml",
"name" : "N-111",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672",
"name" : "CLA-2003:672",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:073",
"name" : "MDKSA-2003:073",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt",
"name" : "CSSA-2003-031.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://www.info-zip.org/FAQ.html",
"name" : "http://www.info-zip.org/FAQ.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105259038503175&w=2",
"name" : "20030509 unzip directory traversal revisited",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105786446329347&w=2",
"name" : "20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12004",
"name" : "unzip-dotdot-directory-traversal(12004)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619",
"name" : "oval:org.mitre.oval:def:619",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a \"..\" sequence."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openlinux_workstation:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openlinux_server:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0283",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7545",
"name" : "7545",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105251043821533&w=2",
"name" : "20030509 A Phorum's bug...",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105251421925394&w=2",
"name" : "20030509 Re: A Phorum's bug...",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11974",
"name" : "phorum-message-html-injection(11974)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a \"<<\" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.4.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0284",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121",
"name" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/184820",
"name" : "VU#184820",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adobe:acrobat:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2008-09-05T20:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0285",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt",
"name" : "http://security.sdsc.edu/advisories/2003.05.13-AIX-sendmail.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/814617",
"name" : "VU#814617",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7580",
"name" : "7580",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105284689228961&w=2",
"name" : "20030513 AIX sendmail open relay",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11993",
"name" : "aix-sendmail-mail-relay(11993)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IBM AIX 5.2 and earlier distributes Sendmail with a configuration file (sendmail.cf) with the (1) promiscuous_relay, (2) accept_unresolvable_domains, and (3) accept_unqualified_senders features enabled, which allows Sendmail to be used as an open mail relay for sending spam e-mail."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "5.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0286",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0067.html",
"name" : "20030512 Snitz Forum 3.3.03 Remote Command Execution",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7549",
"name" : "7549",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt",
"name" : "http://packetstormsecurity.org/0305-exploits/snitz_exec.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/35764",
"name" : "35764",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/35733",
"name" : "35733",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://osvdb.org/56166",
"name" : "56166",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105277599131134&w=2",
"name" : "20030513 Snitz Forum 3.3.03 Remote Command Execution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11981",
"name" : "snitz-register-sql-injection(11981)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.3.03",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0287",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7560",
"name" : "7560",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105284589927655&w=2",
"name" : "20030513 Re: CSS found in Movable Type -- Nope",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105276879622636&w=2",
"name" : "20030512 CSS found in Movable Type",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105277690132079&w=2",
"name" : "20030512 Re: CSS found in Movable Type",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12003",
"name" : "movable-type-comment-xss(12003)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the \"Allow HTML in comments?\" option is enabled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:six_apart:movable_type:2.63:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:six_apart:movable_type:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.6",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0288",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.lac.co.jp/security/english/snsadv_e/64_e.html",
"name" : "http://www.lac.co.jp/security/english/snsadv_e/64_e.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7566",
"name" : "7566",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105283843417610&w=2",
"name" : "20030513 [SNS Advisory No.64] IP Messenger for Win Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11986",
"name" : "ip-messenger-filename-bo(11986)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the file & folder transfer mechanism for IP Messenger for Win 2.00 through 2.02 allows remote attackers to execute arbitrary code via file with a long filename, which triggers the overflow when the user saves the file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hiroaki_shirouzu:ip_messenger:2.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0289",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7565",
"name" : "7565",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz",
"name" : "ftp://ftp.berlios.de/pub/cdrecord/alpha/cdrtools-2.01a14.tar.gz",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/exploits/5ZP0C2AAAC.html",
"name" : "http://www.securiteam.com/exploits/5ZP0C2AAAC.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://forums.gentoo.org/viewtopic.php?t=54904",
"name" : "200305-06",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:058",
"name" : "MDKSA-2003:058",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105286031812533&w=2",
"name" : "20030513 Cdrecord_local_root_exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105285564307225&w=2",
"name" : "20030513 cdrtools2.0 Format String Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12007",
"name" : "cdrtools-scsiopen-format-string(12007)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cdrtools:cdrecord:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cdrtools:cdrecord:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0290",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0064.html",
"name" : "20030511 eServ Memory Leak Enables Denial of Service Attacks",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7552",
"name" : "7552",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105284631428187&w=2",
"name" : "20030513 eServ Memory Leak Solution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105284630228137&w=2",
"name" : "20030511 eServ Memory Leak Enables Denial of Service Attacks",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11973",
"name" : "eserv-multiple-connections-dos(11973)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.9x:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0291",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm",
"name" : "http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7592",
"name" : "7592",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105292451702516&w=2",
"name" : "20030514 Memory leak in 3COM 812 DSL routers",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105301488426951&w=2",
"name" : "20030515 RE : Memory leak in 3COM DSL routers",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11999",
"name" : "3com-officeconnect-memory-leak(11999)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:3com:3cp4144:1.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0292",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7596",
"name" : "7596",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105292750807005&w=2",
"name" : "20030514 Inktomi Traffic-Server XSS: man-in-the-middle XSS !",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka \"Man-in-the-Middle\" XSS."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:inktomi:inktomi_traffic-server:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0293",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105293128612131&w=2",
"name" : "20030514 PalmOS ICMP flood DoS.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:palm:palmos:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0294",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105293834421549&w=2",
"name" : "20030514 php-proxima Remote File Access Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "autohtml.php in php-proxima 6.0 and earlier allows remote attackers to read arbitrary files via the name parameter in a modload operation."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php-proxima:php-proxima:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0295",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105292832607981&w=2",
"name" : "20030514 VBulletin Preview Message - XSS Vuln",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105293890422210&w=2",
"name" : "20030514 Re: VBulletin Preview Message - XSS Vuln",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the \"Preview Message\" capability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jelsoft:vbulletin:3.0.0_beta_2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:31Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0296",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0297",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-015.html",
"name" : "RHSA-2005:015",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-114.html",
"name" : "RHSA-2005:114",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/430302/100/0/threaded",
"name" : "FLSA:184074",
"refsource" : "FEDORA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:c-client:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:imap-2002b:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0298",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large (1) literal and possibly (2) mailbox size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0299",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stuart_parmenter:balsa:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0300",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ximian:evolution:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mutt:mutt:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stuart_parmenter:balsa:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed_email_client:0.8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0301",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook_express:6.00.2800.1106:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0302",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2",
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0303",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html",
"name" : "20030515 OneOrZero Security Problems (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7609",
"name" : "7609",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105302025601231&w=2",
"name" : "20030515 OneOrZero Security Problems (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.4_rc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0304",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0070.html",
"name" : "20030515 OneOrZero Security Problems (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105302025601231&w=2",
"name" : "20030515 OneOrZero Security Problems (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the install.php Helpdesk Installation script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oneorzero:oneorzero_helpdesk:1.4_rc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0305",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030515-saa.shtml",
"name" : "20030515 Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5608",
"name" : "oval:org.mitre.oval:def:5608",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)sc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(18\\)sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(21\\)sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(21\\)sx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11.5\\)e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(17\\)sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(20\\)sp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(6.8a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(9.4\\)da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(15\\)sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(19\\)sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(10.5\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)ey:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(21\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(19\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(13\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7\\)da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10.5\\)ec:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(14\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12c\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7b\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(20\\)sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(9\\)ea:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(9\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(14.5\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(19\\)sp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)ec:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(10\\)ex:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7c\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(8\\)ea:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(7a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(12\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(16\\)sc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0306",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=vuln-dev&m=105241032526289&w=2",
"name" : "20030507 Buffer overflow in Explorer.exe",
"refsource" : "VULN-DEV",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105284486526310&w=2",
"name" : "20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105301349925036&w=2",
"name" : "20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095",
"name" : "oval:org.mitre.oval:def:3095",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027",
"name" : "MS03-027",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0307",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105295155004969&w=2",
"name" : "20030514 [VULNERABILITY] PHP 'poster version.two'",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Poster version.two allows remote authenticated users to gain administrative privileges by appending the \"|\" field separator and an \"admin\" value into the email address field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poster:poster:version.two:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0308",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-305",
"name" : "DSA-305",
"refsource" : "DEBIAN",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2",
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base",
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/sendmail-base",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/496408",
"name" : "http://bugs.debian.org/496408",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-15T04:00Z",
"lastModifiedDate" : "2008-11-11T05:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0309",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/251788",
"name" : "VU#251788",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7539",
"name" : "7539",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8807",
"name" : "8807",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105249399103214&w=2",
"name" : "20030508 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105294081325040&w=2",
"name" : "20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105294162726096&w=2",
"name" : "20030513 Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12019",
"name" : "ie-frame-restrictions-bypass(12019)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A948",
"name" : "oval:org.mitre.oval:def:948",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020",
"name" : "MS03-020",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass security zone restrictions and execute arbitrary programs via a web document with a large number of duplicate file:// or other requests that point to the program and open multiple file download dialogs, which eventually cause Internet Explorer to execute the program, as demonstrated using a large number of FRAME or IFRAME tags, aka the \"File Download Dialog Vulnerability.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0.2800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0310",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105310013606680&w=2",
"name" : "20030516 EzPublish Directory XSS Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ez:ez_publish:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0312",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2",
"name" : "20030516 Snowblind Web Server: multiple issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snowblind.net:snowblind_web_server:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0313",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2",
"name" : "20030516 Snowblind Web Server: multiple issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snowblind.net:snowblind_web_server:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0314",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2",
"name" : "20030516 Snowblind Web Server: multiple issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a \"</\" sequence."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snowblind.net:snowblind_web_server:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0315",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2",
"name" : "20030516 Snowblind Web Server: multiple issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP request, which may trigger a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snowblind.net:snowblind_web_server:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0316",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0188.html",
"name" : "20030516 Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm",
"name" : "http://www.venturiwireless.com/tech_support/Q_and_A/Q_A_09.htm",
"refsource" : "MISC",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Venturi Client before 2.2, as used in certain Fourelle and Venturi Wireless products, can be used as an open proxy for various protocols, including an open relay for SMTP, which allows it to be abused by spammers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fourelle_venturi_wireless:venturi_client:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0317",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=25",
"name" : "20030522 Authentication Bypass in iisPROTECT",
"refsource" : "IDEFENSE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iisprotect:iisprotect:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iisprotect:iisprotect:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-10-03T04:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0318",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105319538308834&w=2",
"name" : "20030517 PHP-Nuke code injection in Yearly Stats at Statistics module",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0319",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html",
"name" : "20030517 Buffer overflow vulnerability found in MailMax version 5",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105319299407291&w=2",
"name" : "20030517 Buffer overflow vulnerability found in MailMax version 5",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:smartmax_software:mailmax:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "5.0.10.8",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0320",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105320172212990&w=2",
"name" : "20030517 Remote code execution in ttCMS <=v2.3",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to \"1\" and modifying the admin_root parameter to point to a URL that contains a Trojan horse header.inc.php script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andy_prevost:ttcms:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0321",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-306",
"name" : "DSA-306",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz",
"name" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655",
"name" : "CLA-2003:655",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7096",
"name" : "7096",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7097",
"name" : "7097",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7099",
"name" : "7099",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7100",
"name" : "7100",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104766521328322&w=2",
"name" : "20030313 Buffer overflows in ircII-based clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104852615211913&w=2",
"name" : "20030324 GLSA: bitchx (200303-21)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names, which are not properly handled by the functions (1) send_ctcp, (2) cannot_join_channel, (3) cluster, (4) BX_compress_modes, (5) handle_oper_vision, and (6) ban_it."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:colten_edwards:bitchx:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.0c19",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0322",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-306",
"name" : "DSA-306",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz",
"name" : "http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz",
"refsource" : "MISC",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:colten_edwards:bitchx:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.0c19",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0323",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-291",
"name" : "DSA-291",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-298",
"name" : "DSA-298",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7098",
"name" : "7098",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104808915402926&w=2",
"name" : "20030319 [OpenPKG-SA-2003.024] OpenPKG Security Advisory (ircii)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104766521328322&w=2",
"name" : "20030313 Buffer overflows in ircII-based clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function by (1) ctcp_buffer, (2) cannot_join_channel, (3) status_make_printable for Statusbar drawing, (4) create_server_list, and possibly other functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_sandrof:ircii:2002-09-12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0324",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-287",
"name" : "DSA-287",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7091",
"name" : "7091",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104766521328322&w=2",
"name" : "20030313 Buffer overflows in ircII-based clients",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by the (1) userhost_cmd_returned function, or (2) Statusbar capability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic:epic4:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0325",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105344501331344&w=2",
"name" : "20030519 Maelstrom exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105346309123217&w=2",
"name" : "20030520 Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105337792703887&w=2",
"name" : "20030518 Maelstrom Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ambrosia_software:maelstrom:3.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ambrosia_software:maelstrom:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.0.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0326",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7629",
"name" : "7629",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105337692202626&w=2",
"name" : "20030519 bazarr slocate",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of \":\" (colon) characters, whose count is used in a call to malloc."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0327",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.rapid7.com/advisories/R7-0016.html",
"name" : "http://www.rapid7.com/advisories/R7-0016.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106936096103805&w=2",
"name" : "20031120 R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13800",
"name" : "sybase-passwordarray-bo(13800)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers to cause a denial of service (hang) via a remote password array with an invalid length, which triggers a heap-based buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sybase:adaptive_server_enterprise:12.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0328",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1",
"name" : "ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-306",
"name" : "DSA-306",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-399",
"name" : "DSA-399",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-342.html",
"name" : "RHSA-2003:342",
"refsource" : "REDHAT",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic:epic4:pre2.002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic:epic4:pre2.003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0329",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0074.html",
"name" : "20030520 Plaintext Password in Settings.ini of CesarFTP",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105344578100315&w=2",
"name" : "20030520 Plaintext Password in Settings.ini of CesarFTP",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aclogic:cesarftp:0.99g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0330",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securitytracker.com/id?1008832",
"name" : "1008832",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105344891005369&w=2",
"name" : "20030520 Maelstrom Local Buffer Overflow Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ambrosia_software:maelstrom:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0331",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105345273210334&w=2",
"name" : "20030520 More vulnerabilities in ttForum/ttCMS -> SQL injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ttcms:ttforum:4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0332",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html",
"name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105346382524169&w=2",
"name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:working_resources_inc.:badblue:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0333",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/hp/current/0044.html",
"name" : "HPSBUX0305-259",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/971364",
"name" : "VU#971364",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7627",
"name" : "7627",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105190667523456&w=2",
"name" : "20030502 Re: from bugtraq: HP-UX 11.0 /usr/bin/kermit (fwd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105189670912220&w=2",
"name" : "20030502 HP-UX 11.0 /usr/bin/kermit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11929",
"name" : "hp-ckermit-bo(11929)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit 6.0.192 and possibly other versions before 8.0) allow local users to gain privileges via long arguments to (1) ask, (2) askq, (3) define, (4) assign, and (5) getc, some of which may share the same underlying function \"doask,\" a different vulnerability than CVE-2001-0085."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-19T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0334",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655",
"name" : "CLA-2003:655",
"refsource" : "CONECTIVA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7551",
"name" : "7551",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:069",
"name" : "MDKSA-2003:069",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105259643606984&w=2",
"name" : "20030510 BitchX: Crash when channel modes change",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12008",
"name" : "bitchx-mode-change-dos(12008)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:colten_edwards:bitchx:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0c20cvs",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-10T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0335",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105361968110719&w=2",
"name" : "20030522 [slackware-security] quotacheck security fix in rc.M (SSA:2003-141-06)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "rc.M in Slackware 9.0 calls quotacheck with the -M option, which causes the filesystem to be remounted and possibly reset security-relevant mount flags such as nosuid, nodev, and noexec."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0336",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105362278914731&w=2",
"name" : "20030522 Eudora 5.2.1 attachment spoof",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed \"Attachment Converted:\" string, which is not properly handled by Eudora."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0337",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105361879109409&w=2",
"name" : "20030522 Security advisory: LSF 5.1 local root exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 allows local users to execute arbitrary programs by modifying the LSF_ENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSF_SERVERDIR to point to a malicious lim program, which lsadmin then executes."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:platform:lsadmin:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0338",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0077.html",
"name" : "20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105353168619211&w=2",
"name" : "20030521 [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allows remote attackers to read and execute arbitrary files via .. (dot dot) sequences in HTTP GET or POST requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-21T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0339",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105361764807746&w=2",
"name" : "20030522 WsMp3d remote exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105353178019353&w=2",
"name" : "20030521 Remote Heap Corruption Overflow vulnerability in WsMp3d.",
"refsource" : "VULNWATCH",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 and earlier allow remote attackers to execute arbitrary code via long HTTP requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_web_server:0.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wsmp3:wsmp3_daemon:0.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0340",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0230.html",
"name" : "20030521 Demarc Puresecure v1.6 - Plaintext password issue -",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Demarc Puresecure 1.6 stores authentication information for the logging server in plaintext, which allows attackers to steal login names and passwords to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:demarc_security:puresecure:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-21T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0341",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105353266220520&w=2",
"name" : "20030521 [AP] Owl Intranet Engine CSS Bug",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:owl:owl_intranet_engine:0.71:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:owl:owl_intranet_engine:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-21T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0342",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2",
"name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, stores user names and passwords in plaintext in the blackmoon.mdb file, which can allow local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0343",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2",
"name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:selom_ofori:blackmoon_ftp_server:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-21T04:00Z",
"lastModifiedDate" : "2016-10-18T02:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0344",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.eeye.com/html/Research/Advisories/AD20030604.html",
"name" : "AD20030604",
"refsource" : "EEYE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006401.html",
"name" : "20030709 IE Object Type Overflow Exploit",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/679556",
"name" : "VU#679556",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/8943",
"name" : "8943",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105476381609135&w=2",
"name" : "20030604 Internet Explorer Object Type Property Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A922",
"name" : "oval:org.mitre.oval:def:922",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-020",
"name" : "MS03-020",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0345",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8152",
"name" : "8152",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/337764",
"name" : "VU#337764",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1007154",
"name" : "1007154",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9225",
"name" : "9225",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12544",
"name" : "win-smb-bo(12544)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3391",
"name" : "oval:org.mitre.oval:def:3391",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A146",
"name" : "oval:org.mitre.oval:def:146",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A118",
"name" : "oval:org.mitre.oval:def:118",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-024",
"name" : "MS03-024",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server_alpha:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0346",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-18.html",
"name" : "CA-2003-18",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/561284",
"name" : "VU#561284",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/265232",
"name" : "VU#265232",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105899759824008&w=2",
"name" : "20030723 EEYE: Windows MIDI Decoder (QUARTZ.DLL) Heap Corruption",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A218",
"name" : "oval:org.mitre.oval:def:218",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1104",
"name" : "oval:org.mitre.oval:def:1104",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1095",
"name" : "oval:org.mitre.oval:def:1095",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-030",
"name" : "MS03-030",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple integer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL) allow remote attackers to execute arbitrary code via a MIDI (.mid) file with (1) large length for a Text or Copyright string, or (2) a large number of tracks, which leads to a heap-based buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:directx:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:directx:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:directx:9.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:directx:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:directx:7.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:directx:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0347",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8534",
"name" : "8534",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0093.html",
"name" : "20030903 EEYE: VBE Document Property Buffer Overflow",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/804780",
"name" : "VU#804780",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9666",
"name" : "9666",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106262077829157&w=2",
"name" : "20030903 EEYE: VBE Document Property Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-037",
"name" : "MS03-037",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual Basic for Applications (VBA) SDK 5.0 through 6.3 allows remote attackers to execute arbitrary code via a document with a long ID parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:visio:2002:*:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:5.0:*:sdk:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:project:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:project:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0348",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/320516",
"name" : "VU#320516",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8034",
"name" : "8034",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12440",
"name" : "mediaplayer-activex-obtain-information(12440)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-021",
"name" : "MS03-021",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0349",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0306&L=NTBUGTRAQ&P=R4563",
"name" : "20030626 Windows Media Services Remote Command Execution #2",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/113716",
"name" : "VU#113716",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1007059",
"name" : "1007059",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9115",
"name" : "9115",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105665030925504&w=2",
"name" : "20030626 Windows Media Services Remote Command Execution #2",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A938",
"name" : "oval:org.mitre.oval:def:938",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-022",
"name" : "MS03-022",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0350",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0015.html",
"name" : "20030709 Microsoft Utility Manager Local Privilege Escalation",
"refsource" : "VULNWATCH",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ngssoftware.com/advisories/utilitymanager.txt",
"name" : "http://www.ngssoftware.com/advisories/utilitymanager.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8154",
"name" : "8154",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105777681615939&w=2",
"name" : "20030709 Microsoft Utility Manager Local Privilege Escalation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12543",
"name" : "win2k-accessibility-gain-privileges(12543)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A451",
"name" : "oval:org.mitre.oval:def:451",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-025",
"name" : "MS03-025",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The control for listing accessibility options in the Accessibility Utility Manager on Windows 2000 (ListView) does not properly handle Windows messages, which allows local users to execute arbitrary code via a \"Shatter\" style message to the Utility Manager that references a user-controlled callback function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0351",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0306. Reason: This candidate is a reservation duplicate of CVE-2003-0306. Notes: All CVE users should reference CVE-2003-0306 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0352",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8205",
"name" : "8205",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007079.html",
"name" : "20030726 Re: The French BUGTRAQ (New Win RPC Exploit)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007357.html",
"name" : "20030730 rpcdcom Universal offsets",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.xfocus.org/documents/200307/2.html",
"name" : "http://www.xfocus.org/documents/200307/2.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-16.html",
"name" : "CA-2003-16",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-19.html",
"name" : "CA-2003-19",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/568148",
"name" : "VU#568148",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105838687731618&w=2",
"name" : "20030716 [LSD] Critical security vulnerability in Microsoft Operating Systems",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105914789527294&w=2",
"name" : "20030725 The Analysis of LSD's Buffer Overrun in Windows RPC Interface(code revised )",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12629",
"name" : "win-rpc-dcom-bo(12629)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A296",
"name" : "oval:org.mitre.oval:def:296",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2343",
"name" : "oval:org.mitre.oval:def:2343",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A194",
"name" : "oval:org.mitre.oval:def:194",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-026",
"name" : "MS03-026",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0353",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8455",
"name" : "8455",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106251069107953&w=2",
"name" : "20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106149556627778&w=2",
"name" : "20030821 AppSecInc Security Alert: Buffer Overflow in UDP broadcasts for Microsoft SQL Server client utilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A962",
"name" : "oval:org.mitre.oval:def:962",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A961",
"name" : "oval:org.mitre.oval:def:961",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6954",
"name" : "oval:org.mitre.oval:def:6954",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1039",
"name" : "oval:org.mitre.oval:def:1039",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-033",
"name" : "MS03-033",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.1.1.3711.11:ga:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.12.4202.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.7:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0354",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-181.html",
"name" : "RHSA-2003:181",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-182.html",
"name" : "RHSA-2003:182",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:065",
"name" : "MDKSA-2003:065",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105465818929172&w=2",
"name" : "20030603 [OpenPKG-SA-2003.030] OpenPKG Security Advisory (ghostscript)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A133",
"name" : "oval:org.mitre.oval:def:133",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0355",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320707",
"name" : "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0356",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-313",
"name" : "DSA-313",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/641013",
"name" : "VU#641013",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:067",
"name" : "MDKSA-2003:067",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A69",
"name" : "oval:org.mitre.oval:def:69",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) AIM, (2) GIOP Gryphon, (3) OSPF, (4) PPTP, (5) Quake, (6) Quake2, (7) Quake3, (8) Rsync, (9) SMB, (10) SMPP, and (11) TSP dissectors, which do not properly use the tvb_get_nstringz and tvb_get_nstringz0 functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.11",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0357",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00009.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-313",
"name" : "DSA-313",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/232164",
"name" : "VU#232164",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/361700",
"name" : "VU#361700",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7494",
"name" : "7494",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7495",
"name" : "7495",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:067",
"name" : "MDKSA-2003:067",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A73",
"name" : "oval:org.mitre.oval:def:73",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.11",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0358",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-120"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311172/2003-02-08/2003-02-14/0",
"name" : "20030209 #!ICadv-02.09.03: nethack 3.4.0 local buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt",
"name" : "http://nethack.sourceforge.net/v340/bugmore/secpatch.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Third Party Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-316",
"name" : "DSA-316",
"refsource" : "DEBIAN",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-350",
"name" : "DSA-350",
"refsource" : "DEBIAN",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6806",
"name" : "6806",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11283",
"name" : "nethack-s-command-bo(11283)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:falconseye_project:falconseye:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.9.3",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nethack:nethack:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.4.0",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2020-12-09T15:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0359",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-316",
"name" : "DSA-316",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "nethack 3.4.0 and earlier installs certain setgid binaries with insecure permissions, which allows local users to gain privileges by replacing the original binaries with malicious code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stichting_mathematisch_centrum:nethack:3.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0360",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-307",
"name" : "DSA-307",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://gps.seul.org/changelog.html",
"name" : "http://gps.seul.org/changelog.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0361",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-307",
"name" : "DSA-307",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://gps.seul.org/changelog.html",
"name" : "http://gps.seul.org/changelog.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0362",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-307",
"name" : "DSA-307",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://gps.seul.org/changelog.html",
"name" : "http://gps.seul.org/changelog.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.4:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.1:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.2:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:0.9.3:*:woody_gps_package:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-09T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0363",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf",
"name" : "http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:licq:licq:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:licq:licq:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0364",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html",
"name" : "RHSA-2003:187",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-311",
"name" : "DSA-311",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt",
"name" : "TLSA-2003-41",
"refsource" : "TURBO",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html",
"name" : "RHSA-2003:195",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-312",
"name" : "DSA-312",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-332",
"name" : "DSA-332",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-336",
"name" : "DSA-336",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A295",
"name" : "oval:org.mitre.oval:def:295",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0365",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105427404625027&w=2",
"name" : "20030529 ICQLite executable trojaning",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ICQLite 2003a creates the ICQ Lite directory with an ACE for \"Full Control\" privileges for Interactive Users, which allows local users to gain privileges as other users by replacing the executables with malicious programs."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:icq_inc:icqlite:2003a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0366",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-318",
"name" : "DSA-318",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lysator:lyskom-server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0367",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-308",
"name" : "DSA-308",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Third Party Advisory" ]
}, {
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html",
"name" : "http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-38.txt",
"name" : "TLSA-2003-38",
"refsource" : "TURBO",
"tags" : [ "Patch", "Third Party Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7872",
"name" : "7872",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:068",
"name" : "MDKSA-2003:068",
"refsource" : "MANDRAKE",
"tags" : [ "Third Party Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3.5",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"acInsufInfo" : false,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2019-05-23T14:04Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0368",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/924812",
"name" : "VU#924812",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7854",
"name" : "7854",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/a060903-1.txt",
"name" : "A060903-1",
"refsource" : "ATSTAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12221",
"name" : "nokia-ggsn-ip-dos(12221)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nokia:ggsn:release_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0370",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kde.org/info/security/advisory-20030602-1.txt",
"name" : "http://www.kde.org/info/security/advisory-20030602-1.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/320707",
"name" : "20030507 Problem: Multiple Web Browsers do not do not validate CN on certificates.",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-192.html",
"name" : "RHSA-2003:192",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-36.txt",
"name" : "TLSA-2003-36",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/004983.html",
"name" : "20030510 [forward]Apple Safari and Konqueror Embedded Common Name Verification Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-193.html",
"name" : "RHSA-2003:193",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-361",
"name" : "DSA-361",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7520",
"name" : "7520",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0371",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105370592729044&w=2",
"name" : "20030522 Prishtina FTP v.1.*: remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:prishtina_soft:prishtina_ftp:v.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0372",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-189"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7664",
"name" : "7664",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2",
"name" : "20030522 Potential security vulnerability in Nessus",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105369506714849&w=2",
"name" : "20030523 nessus NASL scripting engine security issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr function as used in a NASL script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0373",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7664",
"name" : "7664",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2",
"name" : "20030522 Potential security vulnerability in Nessus",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105369506714849&w=2",
"name" : "20030523 nessus NASL scripting engine security issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.4,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0374",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7664",
"name" : "7664",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2",
"name" : "20030522 Potential security vulnerability in Nessus",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka \"similar issues in other nasl functions as well as in libnessus.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nessus:nessus:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0375",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7662",
"name" : "7662",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://forums.xmbforum.com/viewthread.php?tid=773046",
"name" : "http://forums.xmbforum.com/viewthread.php?tid=773046",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105363936402228&w=2",
"name" : "20030522 XMB 1.8 Partagium cross site scripting vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"name" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the \"member\" parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2021-04-29T15:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0376",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105370625529452&w=2",
"name" : "20030523 Eudora 5.2.1 buffer overflow DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:eudora:5.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0377",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105370528728225&w=2",
"name" : "20030523 iisPROTECT SQL injection in admin interface",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iisprotect:iisprotect:2.2_r4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0378",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/467828",
"name" : "VU#467828",
"refsource" : "CERT-VN",
"tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=107579",
"name" : "http://docs.info.apple.com/article.html?artnum=107579",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-16T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0379",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00030.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00030.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X Server, when sharing files on a UFS or re-shared NFS volume, allows remote attackers to overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:afp_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2011-03-08T02:12Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0380",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/82/323886/2003-06-02/2003-06-08/0",
"name" : "20030604 possible remote buffer overflow in atftpd",
"refsource" : "VULN-DEV",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0056.html",
"name" : "20030606 atftpd bug",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-314",
"name" : "DSA-314",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atftpd:atftpd:0.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atftpd:atftpd:0.6.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0381",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-323",
"name" : "DSA-323",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:norman_ramsey:noweb:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.9",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0382",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-309",
"name" : "DSA-309",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7708",
"name" : "7708",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105427580626001&w=2",
"name" : "20030509 BAZARR CODE NINER PINK TEAM GO GO GO",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_jennings:eterm:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0385",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-310",
"name" : "DSA-310",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105491469815197&w=2",
"name" : "20030605 BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0.23:*:woody:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0.18:*:potato:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0386",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/324016/2003-06-03/2003-06-09/0",
"name" : "20030605 OpenSSH remote clent address restriction circumvention",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/978316",
"name" : "VU#978316",
"refsource" : "CERT-VN",
"tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0298.html",
"name" : "RHSA-2006:0298",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7831",
"name" : "7831",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/21129",
"name" : "21129",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc",
"name" : "20060703-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/21262",
"name" : "21262",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm",
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-174.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/21724",
"name" : "21724",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0698.html",
"name" : "RHSA-2006:0698",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/22196",
"name" : "22196",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
"name" : "http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
"name" : "http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/23680",
"name" : "23680",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9894",
"name" : "oval:org.mitre.oval:def:9894",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass \"from=\" and \"user@host\" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0388",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/06.16.03.txt",
"name" : "http://www.idefense.com/advisory/06.16.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-304.html",
"name" : "RHSA-2004:304",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105577915506761&w=2",
"name" : "20030616 FW: iDEFENSE Security Advisory 06.16.03: Linux-PAM getlogin() Spoofing",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use_uid option disabled, allows local users to spoof log entries and gain privileges by causing getlogin() to return a spoofed user name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:andrew_morgan:linux_pam:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.77",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0389",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0112.html",
"name" : "20030619 R7-0014: RSA SecurID ACE Agent Cross Site Scripting",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0014.html",
"name" : "http://www.rapid7.com/advisories/R7-0014.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the secure redirect function of RSA ACE/Agent 5.0 for Windows, and 5.x for Web, allows remote attackers to insert arbitrary web script and possibly cause users to enter a passphrase via a GET request containing the script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rsa:ace_agent:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0390",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz",
"name" : "http://nis-www.lanl.gov/~jt/Software/opt/opt-3.19.tar.gz",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105121918523320&w=2",
"name" : "20030424 SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105371246204866&w=2",
"name" : "20030523 Re: Options Parsing Tool library buffer overflows.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:james_theiler:opt:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.18",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0391",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.magicwinmail.net/changelog.asp",
"name" : "http://www.magicwinmail.net/changelog.asp",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105370528428222&w=2",
"name" : "20030523 Magic Winmail Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:amax_information_technologies:magic_winmail_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0392",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105372353017778&w=2",
"name" : "20030523 ST FTP Service v3.0: directory traversal",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:st:ftp_service:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0393",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7700",
"name" : "7700",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105380229532320&w=2",
"name" : "20030524 Some problems in Privatefirewall 3.0",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Privacyware Privatefirewall 3.0 does not block certain incoming packets when in \"Filter Internet Traffic\" or Deny Internet Traffic\" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:privacyware:privatefirewall:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0394",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7677",
"name" : "7677",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105379530927567&w=2",
"name" : "20030524 PHP source code injection in BLNews",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:blnews:blnews:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0395",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://f0kp.iplus.ru/bz/024.en.txt",
"name" : "http://f0kp.iplus.ru/bz/024.en.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105379741528925&w=2",
"name" : "20030524 UPB: Discussion Board/Web-Site Takeover",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php_outburst:ultimate_php_board_upb:1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0396",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/exploits/5EP0M1P9PO.html",
"name" : "http://www.securiteam.com/exploits/5EP0M1P9PO.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=156242",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=156242",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7437",
"name" : "7437",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105154433926396&w=2",
"name" : "20030428 ATM on Linux Exploit Code Release (les, local)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405560021979&w=2",
"name" : "20030524 ATM on linux Exploit(les,local)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11903",
"name" : "atmonlinux-les-command-bo(11903)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if used setuid, allows local users to gain privileges via a long -f command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:linux-atm:linux-atm:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0397",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12086.php",
"name" : "fastrack-packet-0-bo(12086)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7680",
"name" : "7680",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405708923565&w=2",
"name" : "20030526 The PACKET 0' DEATH FastTrack network vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 and possibly other versions and products, allows remote attackers to execute arbitrary code via a packet containing a large list of supernodes, aka \"Packet 0' death.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sharman_networks:kazaa:v2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0398",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-016-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-016-en.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12077.php",
"name" : "vignette-ssi-command-execution(12077)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7685",
"name" : "7685",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405734223874&w=2",
"name" : "20030526 S21SEC-016 - Vignette SSI Injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI EXEC feature enabled, allows remote attackers to execute arbitrary code via a text variable to a Vignette Application that is later displayed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0399",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-017-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-017-en.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12076.php",
"name" : "vignette-save-obtain-information(12076)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7683",
"name" : "7683",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405874325673&w=2",
"name" : "20030526 S21SEC-017 - Vignette /vgn/legacy/save SQL access",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-02T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0400",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-018-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-018-en.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12075.php",
"name" : "vignette-memory-leak(12075)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7684",
"name" : "7684",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405985126857&w=2",
"name" : "20030526 S21SEC-018 - Vignette memory leak AIX Platform",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vignette StoryServer and Vignette V/5 does not properly calculate the size of text variables, which causes Vignette to return unauthorized portions of memory, as demonstrated using the \"-->\" string in a CookieName argument to the login template, referred to as a \"memory leak\" in some reports."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0401",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-019-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-019-en.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12074.php",
"name" : "vignette-style-info-disclosure(12074)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7688",
"name" : "7688",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405793324661&w=2",
"name" : "20030526 S21SEC-019 - Vignette /vgn/style internal information leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vignette StoryServer and Vignette V/5 allows remote attackers to obtain sensitive information via a request for the /vgn/style template."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0402",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/en/avisos/s21sec-020-en.txt",
"name" : "http://www.s21sec.com/en/avisos/s21sec-020-en.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12073.php",
"name" : "vignette-login-account-bruteforce(12073)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7691",
"name" : "7691",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405880325755&w=2",
"name" : "20030526 S21SEC-020 - Vignette user enumeration",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default login template (/vgn/login) in Vignette StoryServer 5 and Vignette V/5 generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0403",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-021-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-021-en.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12072.php",
"name" : "vignette-license-modification(12072)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7694",
"name" : "7694",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405789924612&w=2",
"name" : "20030526 S21SEC-021 - Vignette License access and modification",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vignette StoryServer 5 and Vignette V/5 allows remote attackers to read and modify license information, and cause a denial of service (service halt) by directly accessing the /vgn/license template."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0404",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-023-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-023-en.txt",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12071.php",
"name" : "vignette-multiple-xss(12071)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7687",
"name" : "7687",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105406028027360&w=2",
"name" : "20030526 S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, allow remote attackers to insert arbitrary HTML and script via text variables, as demonstrated using the errInfo parameter of the default login template."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0405",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s21sec.com/es/avisos/s21sec-024-en.txt",
"name" : "http://www.s21sec.com/es/avisos/s21sec-024-en.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12070.php",
"name" : "vignette-tcl-code-execution(12070)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7690",
"name" : "7690",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7692",
"name" : "7692",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405922826197&w=2",
"name" : "20030526 S21SEC-024 - Vignette TCL Injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Vignette StoryServer 5 and Vignette V/6 allows remote attackers to execute arbitrary TCL code via (1) an HTTP query or cookie which is processed in the NEEDS command, or (2) an HTTP Referrer that is processed in the VALID_PATHS command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:storyserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:content_suite:6.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vignette:vignette:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0406",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12083.php",
"name" : "palmvnc-plaintext-passwords(12083)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7696",
"name" : "7696",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405691423389&w=2",
"name" : "20030526 PalmVNC 1.40 Insecure Records",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:palmvnc:palmvnc:1.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0407",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12087.php",
"name" : "batalla-naval-bo(12087)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7699",
"name" : "7699",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405668423102&w=2",
"name" : "20030526 [Priv8security_Advisory]_Batalla_Naval_remote_overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:batalla_naval:1.0_4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0408",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12131.php",
"name" : "upclient-command-line-bo(12131)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7703",
"name" : "7703",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405629622652&w=2",
"name" : "20030527 NuxAcid#002 - Buffer Overflow in UpClient",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other versions, allows local users to gain privileges via a long -p argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:the_uptimes_project:upclient:5.0b7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0409",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12107.php",
"name" : "webweaver-head-post-bo(12107)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7695",
"name" : "7695",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105405836025160&w=2",
"name" : "20030527 BRS WebWeaver: POST and HEAD Overflaws",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0410",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0082.html",
"name" : "20030526 NII Advisory - Buffer Overflow in Analogx Proxy",
"refsource" : "VULNWATCH",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.analogx.com/contents/download/network/proxy.htm",
"name" : "http://www.analogx.com/contents/download/network/proxy.htm",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12068.php",
"name" : "analogx-proxy-url-bo(12068)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7681",
"name" : "7681",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105406759403978&w=2",
"name" : "20030526 NII Advisory - Buffer Overflow in Analogx Proxy",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execute arbitrary code via a long URL to port 6588."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:analogx:proxy:4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0411",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity",
"name" : "55221",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml",
"name" : "N-103",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12093.php",
"name" : "sunone-jsp-source-disclosure(12093)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7709",
"name" : "7709",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.spidynamics.com/sunone_alert.html",
"name" : "http://www.spidynamics.com/sunone_alert.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1",
"name" : "1000610",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2",
"name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attackers to obtain JSP source code via a request that uses the uppercase \".JSP\" extension instead of the lowercase .jsp extension."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0412",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity",
"name" : "55221",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml",
"name" : "N-103",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7711",
"name" : "7711",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.spidynamics.com/sunone_alert.html",
"name" : "http://www.spidynamics.com/sunone_alert.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1",
"name" : "1000610",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2",
"name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun ONE Application Server 7.0 for Windows 2000/XP does not log the complete URI of a long HTTP request, which could allow remote attackers to hide malicious activities."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0413",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity",
"name" : "55221",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml",
"name" : "N-103",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12095.php",
"name" : "sunone-http-error-xss(12095)",
"refsource" : "XF",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7710",
"name" : "7710",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.spidynamics.com/sunone_alert.html",
"name" : "http://www.spidynamics.com/sunone_alert.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57605",
"name" : "57605",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201009-1",
"name" : "201009",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1",
"name" : "1000610",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2",
"name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an \"Invalid JSP file\" error, which inserts the text in the resulting error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0414",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity",
"name" : "55221",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml",
"name" : "N-103",
"refsource" : "CIAC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/12096.php",
"name" : "sunone-insecure-file-permissions(12096)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7712",
"name" : "7712",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.spidynamics.com/sunone_alert.html",
"name" : "http://www.spidynamics.com/sunone_alert.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1",
"name" : "1000610",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2",
"name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0415",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ytech.co.il/advisories/rpca/rpcaccess.htm",
"name" : "http://www.ytech.co.il/advisories/rpca/rpcaccess.htm",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7698",
"name" : "7698",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105417988811698&w=2",
"name" : "20030528 Remote PC Access Server 2.2 Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Remote PC Access Server 2.2 allows remote attackers to cause a denial of service (crash) by receiving packets from the server and sending them back to the server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:access-remote-pc.com:remote_pc_access:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0416",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12108.php",
"name" : "bandmin-index-xss(12108)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7729",
"name" : "7729",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105418152212771&w=2",
"name" : "20030528 Bandmin 1.4 XSS Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bandmin:bandmin:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0417",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/12103.php",
"name" : "sonhserver-pipe-directory-traversal(12103)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7717",
"name" : "7717",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105417983711685&w=2",
"name" : "20030529 Son hServer v0.2: directory traversal",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Son hServer 0.2 allows remote attackers to read arbitrary files via \".|.\" (modified dot-dot) sequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:super-m:son_hserver:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-30T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0418",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt",
"name" : "http://www.cartel-securite.fr/pbiondi/adv/CARTSA-20030314-icmpleak.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/471084",
"name" : "VU#471084",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105519179005065&w=2",
"name" : "20030609 Linux 2.0 remote info leak from too big icmp citation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Linux 2.0 kernel IP stack does not properly calculate the size of an ICMP citation, which causes it to include portions of unauthorized memory in ICMP error responses."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0419",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/06.11.03.txt",
"name" : "http://www.idefense.com/advisory/06.11.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:smc_networks:barricade_wireless_cable_dsl_broadband_router:smc7004vwbr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0420",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/JPLA-5NTL8E",
"name" : "http://www.kb.cert.org/vuls/id/JPLA-5NTL8E",
"refsource" : "MISC",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3165",
"name" : "ESB-2003.0415",
"refsource" : "AUSCERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7894",
"name" : "7894",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9025/",
"name" : "9025",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12342",
"name" : "macos-dsimportexport-obtain-information(12342)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-13T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0421",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0422",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via a request to view_broadcast.cgi that does not contain the required parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0423",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to obtain the source code for parseable files via the filename parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0424",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to obtain the source code for scripts by appending encoded space (%20) or . (%2e) characters to an HTTP request for the script, e.g. view_broadcast.cgi."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0425",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to read arbitrary files via a ... (triple dot) in an HTTP request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:18Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0426",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The installation of Apple QuickTime / Darwin Streaming Server before 4.1.3f starts the administration server with a \"Setup Assistant\" page that allows remote attackers to set the administrator password and gain privileges before the real administrator."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0427",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-320",
"name" : "DSA-320",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-506.html",
"name" : "RHSA-2005:506",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A647",
"name" : "oval:org.mitre.oval:def:647",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10194",
"name" : "oval:org.mitre.oval:def:10194",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:miod_vallat:mikmod:3.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0428",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-324",
"name" : "DSA-324",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt",
"name" : "CSSA-2003-030.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/542540",
"name" : "VU#542540",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9007",
"name" : "9007",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662",
"name" : "CLA-2003:662",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A75",
"name" : "oval:org.mitre.oval:def:75",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (memory consumption) via a certain NDR string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.12",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0429",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-324",
"name" : "DSA-324",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt",
"name" : "CSSA-2003-030.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9007",
"name" : "9007",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662",
"name" : "CLA-2003:662",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A84",
"name" : "oval:org.mitre.oval:def:84",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The OSI dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.12",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0430",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt",
"name" : "CSSA-2003-030.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9007",
"name" : "9007",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662",
"name" : "CLA-2003:662",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88",
"name" : "oval:org.mitre.oval:def:88",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.12",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0431",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-324",
"name" : "DSA-324",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt",
"name" : "CSSA-2003-030.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9007",
"name" : "9007",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662",
"name" : "CLA-2003:662",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A101",
"name" : "oval:org.mitre.oval:def:101",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.12",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0432",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-324",
"name" : "DSA-324",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt",
"name" : "CSSA-2003-030.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9007",
"name" : "9007",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662",
"name" : "CLA-2003:662",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html",
"name" : "RHSA-2003:077",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A106",
"name" : "oval:org.mitre.oval:def:106",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Ethereal 0.9.12 and earlier does not handle certain strings properly, with unknown consequences, in the (1) BGP, (2) WTP, (3) DNS, (4) 802.11, (5) ISAKMP, (6) WSP, (7) CLNP, (8) ISIS, and (9) RMI dissectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.12",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0433",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-315",
"name" : "DSA-315",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnocatan-develop:gnocatan:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.6.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0434",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-196.html",
"name" : "RHSA-2003:196",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-197.html",
"name" : "RHSA-2003:197",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005719.html",
"name" : "20030613 -10Day CERT Advisory on PDF Files",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/200132",
"name" : "VU#200132",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9037",
"name" : "9037",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9038",
"name" : "9038",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:071",
"name" : "MDKSA-2003:071",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105777963019186&w=2",
"name" : "20030709 xpdf vulnerability - CAN-2003-0434",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A664",
"name" : "oval:org.mitre.oval:def:664",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adobe:acrobat:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xpdf:xpdf:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0435",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-322",
"name" : "DSA-322",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105553002105111&w=2",
"name" : "20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:typespeed:typespeed:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.4.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0436",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7865",
"name" : "7865",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html",
"name" : "20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mnogosearch:mnogosearch:3.1.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0437",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7866",
"name" : "7866",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005543.html",
"name" : "20030610 mnogosearch 3.1.20 and 3.2.10 buffer overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mnogosearch:mnogosearch:3.2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0438",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-325",
"name" : "DSA-325",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:yuuichi_teranishi:eldav:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.7.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0439",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0440",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-339",
"name" : "DSA-339",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-234.html",
"name" : "RHSA-2003:234",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-231.html",
"name" : "RHSA-2003:231",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A569",
"name" : "oval:org.mitre.oval:def:569",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:semi:semi:1.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0441",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-326",
"name" : "DSA-326",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7988",
"name" : "7988",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12381",
"name" : "orvillewrite-variables-bo(12381)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:orville-write:orville-write:2.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0442",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://shh.thathost.com/secadv/2003-05-11-php.txt",
"name" : "http://shh.thathost.com/secadv/2003-05-11-php.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-204.html",
"name" : "RHSA-2003:204",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-351",
"name" : "DSA-351",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7761",
"name" : "7761",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000691",
"name" : "CLSA-2003:691",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:082",
"name" : "MDKSA-2003:082",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.co.jp/security/2003/TLSA-2003-47j.txt",
"name" : "TLSA-2003-47",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-112.shtml",
"name" : "N-112",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4758",
"name" : "4758",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1008653",
"name" : "1008653",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105760591228031&w=2",
"name" : "20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105449314612963&w=2",
"name" : "20030530 PHP Trans SID XSS (Was: New php release with security fixes)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12259",
"name" : "php-session-id-xss(12259)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A485",
"name" : "oval:org.mitre.oval:def:485",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.3.1",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0444",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-337",
"name" : "DSA-337",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8061",
"name" : "8061",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12462",
"name" : "gtksee-png-bo(12462)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gtksee:gtksee:0.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gtksee:gtksee:0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0445",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-328",
"name" : "DSA-328",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in webfs before 1.17.1 allows remote attackers to execute arbitrary code via an HTTP request with a long Request-URI."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.17",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0446",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://security.greymagic.com/adv/gm013-ie/",
"name" : "http://security.greymagic.com/adv/gm013-ie/",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005762.html",
"name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0120.html",
"name" : "20030617 Re: Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7938",
"name" : "7938",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3065",
"name" : "3065",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9055",
"name" : "9055",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105595990924165&w=2",
"name" : "20030617 Re: [Full-Disclosure] Cross-Site Scripting in Unparsable XML Files",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105585986015421&w=2",
"name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105585001905002&w=2",
"name" : "20030617 Cross-Site Scripting in Unparsable XML Files (GM#013-IE)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12334",
"name" : "ie-msxml-xss(12334)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly in a component that is also used by other Microsoft products, allows remote attackers to insert arbitrary web script via an XML file that contains a parse error, which inserts the script in the resulting error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0447",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://security.greymagic.com/adv/gm014-ie/",
"name" : "http://security.greymagic.com/adv/gm014-ie/",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005763.html",
"name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105585933614773&w=2",
"name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105585142406147&w=2",
"name" : "20030617 Script Injection to Custom HTTP Errors in Local Zone (GM#014-IE)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute script in the Local Zone via an argument to shdocvw.dll that causes a \"javascript:\" link to be generated."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0448",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105588111714856&w=2",
"name" : "20030618 Portmon file arbitrary read/write access vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aboleo.net:portmon:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-24T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0449",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt",
"name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-0945.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt",
"name" : "http://www.secnetops.com/research/advisories/SRT2003-06-13-1009.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105561189625082&w=2",
"name" : "20030614 SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105561134624665&w=2",
"name" : "20030614 SRT2003-06-13-0945 - Progress PATH based dlopen() issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:progress:database:9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0450",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=196063",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-321",
"name" : "DSA-321",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-40.txt",
"name" : "TLSA-2003-40",
"refsource" : "TURBO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_030_radiusd_cistron.html",
"name" : "SuSE-SA:2003:030",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000664",
"name" : "CLA-2003:664",
"refsource" : "CONECTIVA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large value in an NAS-Port attribute, which is interpreted as a negative number and causes a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cistron:radius_daemon:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.6.6",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0451",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-327",
"name" : "DSA-327",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xblockout:xbl:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0j",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0452",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-329",
"name" : "DSA-329",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long \"file redirections.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gunnar_ritter:osh:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.7-10",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0453",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-348",
"name" : "DSA-348",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105613905425563&w=2",
"name" : "20030620 BAZARR FAREWELL",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain \"nprobes\" and \"max_ttl\" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ehud_gavron:traceroute-nanog:6.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0454",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-334",
"name" : "DSA-334",
"refsource" : "DEBIAN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local users to gain privileges via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:joe_rumsey:xgalaga:2.0.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0455",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-331",
"name" : "DSA-331",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-494.html",
"name" : "RHSA-2004:494",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105786393628728&w=2",
"name" : "20030710 [OpenPKG-SA-2003.034] OpenPKG Security Advisory (imagemagick)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:imagemagick:libmagick_library:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0456",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8075",
"name" : "8075",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0002.html",
"name" : "20030701 VisNetic WebSite Path Disclosure Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.krusesecurity.dk/advisories/vis0103.txt",
"name" : "http://www.krusesecurity.dk/advisories/vis0103.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105733894003737&w=2",
"name" : "20030701 VisNetic WebSite Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12483",
"name" : "visnetic-website-path-disclosure(12483)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:deerfield:visnetic_website:3.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:deerfield:visnetic_website:3.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:deerfield:visnetic_website:3.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0458",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/advisories/5545",
"name" : "SSRT3488",
"refsource" : "HP",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8080",
"name" : "8080",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d40.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d41.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d42.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d42.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g01.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g02.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g03.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d45.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d45.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.05:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d44.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d44.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d44.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g05.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d46.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g04.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d43.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.07:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g05.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d47.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d43.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d48.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:d43.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:nonstop_seeview_server_gateway:g06.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0459",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-235.html",
"name" : "RHSA-2003:235",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-236.html",
"name" : "RHSA-2003:236",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kde.org/info/security/advisory-20030729-1.txt",
"name" : "http://www.kde.org/info/security/advisory-20030729-1.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/007300.html",
"name" : "20030729 KDE Security Advisory: Konqueror Referrer Authentication Leak",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-45.txt",
"name" : "TLSA-2003-45",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-361",
"name" : "DSA-361",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747",
"name" : "CLA-2003:747",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:079",
"name" : "MDKSA-2003:079",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105986238428061&w=2",
"name" : "20030802 [slackware-security] KDE packages updated (SSA:2003-213-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A411",
"name" : "oval:org.mitre.oval:def:411",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the \"user:password@host\" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages that link to the sites."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.1.1-5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:3.0.0-10:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:3.1-10:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound:2.1.1-5:*:i386_sound:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:i386_sound:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:3.0.3-13:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:2.2-11:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:ia64_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:i386_sound_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:3.1-10:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound_devel:2.2-11:*:ia64_sound_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:analog_real-time_synthesizer:2.2-11:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:3.0.3-13:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:3.0.0-10:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:2.1.1-5:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:2.1.1-5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound_devel:2.1.1-5:*:i386_sound_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:2.2-11:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_devel:3.0.3-8:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs:2.2-11:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdelibs_sound:2.2-11:*:ia64_sound:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0460",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.apache.org/dist/httpd/Announcement.html",
"name" : "http://www.apache.org/dist/httpd/Announcement.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/694428",
"name" : "VU#694428",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 systems, does not properly ignore certain control characters that are received over the pipe, which could allow remote attackers to cause a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3.27",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0461",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html",
"name" : "http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html",
"name" : "RHSA-2004:188",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997",
"name" : "oval:org.mitre.oval:def:997",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330",
"name" : "oval:org.mitre.oval:def:9330",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304",
"name" : "oval:org.mitre.oval:def:304",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0462",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A309",
"name" : "oval:org.mitre.oval:def:309",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0463",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0464",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A311",
"name" : "oval:org.mitre.oval:def:311",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created, which could allow local users to bind to UDP ports that are used by privileged services such as nfsd."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0465",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html",
"name" : "RHSA-2004:188",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=linux-kernel&m=105796415223490&w=2",
"name" : "http://marc.info/?l=linux-kernel&m=105796415223490&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=linux-kernel&m=105796021120436&w=2",
"name" : "http://marc.info/?l=linux-kernel&m=105796021120436&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285",
"name" : "oval:org.mitre.oval:def:10285",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0466",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8315",
"name" : "8315",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html",
"name" : "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/743092",
"name" : "VU#743092",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"name" : "http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-245.html",
"name" : "RHSA-2003:245",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-246.html",
"name" : "RHSA-2003:246",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_032_wuftpd.html",
"name" : "SuSE-SA:2003:032",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-357",
"name" : "DSA-357",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc",
"name" : "NetBSD-SA2003-011.txt.asc",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-46.txt",
"name" : "TLSA-2003-46",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01",
"name" : "IMNX-2003-7+-019-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/6602",
"name" : "6602",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007380",
"name" : "1007380",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9423",
"name" : "9423",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9446",
"name" : "9446",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9447",
"name" : "9447",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9535",
"name" : "9535",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/424852/100/0/threaded",
"name" : "20060213 Latest wu-ftpd exploit :-s",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/425061/100/0/threaded",
"name" : "20060214 Re: Latest wu-ftpd exploit :-s",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:080",
"name" : "MDKSA-2003:080",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001257.1-1",
"name" : "1001257",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106001702232325&w=2",
"name" : "20030804 wu-ftpd-2.6.2 off-by-one remote exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105967301604815&w=2",
"name" : "20030731 wu-ftpd fb_realpath() off-by-one bug",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106002488209129&w=2",
"name" : "20030804 Off-by-one Buffer Overflow Vulnerability in BSD libc realpath(3)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106001410028809&w=2",
"name" : "FreeBSD-SA-03:08",
"refsource" : "FREEBSD",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12785",
"name" : "libc-realpath-offbyone-bo(12785)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1970",
"name" : "oval:org.mitre.oval:def:1970",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-16:*:powerpc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.1-18:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.2-5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:wu_ftpd:2.6.2-8:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:pre-release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0467",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105985703724758&w=2",
"name" : "20030802 [SECURITY] Netfilter Security Advisory: NAT Remote DOS (SACK mangle)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0468",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-363",
"name" : "DSA-363",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-251.html",
"name" : "RHSA-2003:251",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_033_postfix.html",
"name" : "SuSE-SA:2003:033",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8333",
"name" : "8333",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9433",
"name" : "9433",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717",
"name" : "CLA-2003:717",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081",
"name" : "MDKSA-2003:081",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106001525130257&w=2",
"name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A522",
"name" : "oval:org.mitre.oval:def:522",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Postfix 1.1.11 and earlier allows remote attackers to use Postfix to conduct \"bounce scans\" or DDos attacks of other hosts via an email address to the local host containing the target IP address and service name followed by a \"!\" string, which causes Postfix to attempt to use SMTP to communicate with the target on the associated port."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0469",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html",
"name" : "20030625 Re: Internet Explorer >=5.0 : Buffer overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html",
"name" : "20030701 PoC for Internet Explorer >=5.0 buffer overflow (trivial exploit for hard case).",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-14.html",
"name" : "CA-2003-14",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/823260",
"name" : "VU#823260",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8016",
"name" : "8016",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105639925122961&w=2",
"name" : "20030622 Internet Explorer >=5.0 : Buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023",
"name" : "MS03-023",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long \"align\" argument in an HR tag."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0470",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006014.html",
"name" : "20030622 Symantec ActiveX control buffer overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/527228",
"name" : "VU#527228",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8008",
"name" : "8008",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007029",
"name" : "1007029",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9091",
"name" : "9091",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105647537823877&w=2",
"name" : "20030624 [Symantec Security Advisor] Symantec Security Check ActiveX Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12423",
"name" : "symantec-security-activex-bo(12423)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the \"RuFSI Utility Class\" ActiveX control (aka \"RuFSI Registry Information Class\"), as used for the Symantec Security Check service, allows remote attackers to execute arbitrary code via a long argument to CompareVersionStrings."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:security_check:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0471",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8024",
"name" : "8024",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2207",
"name" : "2207",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105648385900792&w=2",
"name" : "20030624 Re: WebAdmin from ALT-N remote exploit PoC",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105647081418155&w=2",
"name" : "20030624 Remote Buffer Overrun WebAdmin.exe",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0472",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030607-01-P",
"name" : "20030607-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8027",
"name" : "8027",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/8585",
"name" : "8585",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12676",
"name" : "irix-inetd-portscan-dos(12676)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0473",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030607-01-P",
"name" : "20030607-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8029",
"name" : "8029",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/8586",
"name" : "8586",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12677",
"name" : "irix-snoop-gain-privileges(12677)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes snoop to process packets as the root user, with unknown implications."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0474",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105049794801319&w=2",
"name" : "20030416 SFAD03-001: iWeb Mini Web Server Remote Directory Traversal",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105673543626636&w=2",
"name" : "20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ashley_brown:iweb_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0475",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105640001823769&w=2",
"name" : "20030623 TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105673543626636&w=2",
"name" : "20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in iWeb Server 2 allows remote attackers to read arbitrary files via an HTTP request containing URL-encoded .. sequences (\"%5c%2e%2e\"), a different vulnerability than CVE-2003-0474."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ashley_brown:iweb_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0476",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-368.html",
"name" : "RHSA-2003:368",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-408.html",
"name" : "RHSA-2003:408",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:074",
"name" : "MDKSA-2003:074",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105664924024009&w=2",
"name" : "20030626 Linux 2.4.x execve() file read race vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A327",
"name" : "oval:org.mitre.oval:def:327",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The execve system call in Linux 2.4.x records the file descriptor of the executable process in the file table of the calling process, which allows local users to gain read access to restricted file descriptors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0477",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.wzdftpd.net/changea.html",
"name" : "http://www.wzdftpd.net/changea.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105674242105302&w=2",
"name" : "20030627 wzdftpd remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wzdftpd:wzdftpd:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.1_rc4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0478",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105665996104723&w=2",
"name" : "20030626 Bahamut IRCd <= 1.4.35 and several derived daemons",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105673555726823&w=2",
"name" : "20030627 Bahamut DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105673489525906&w=2",
"name" : "20030627 Re: Bahamut IRCd <= 1.4.35 and several derived daemons",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a request containing format strings."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hans_westerhof:digatech:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wenet:ircd-ru:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andromede:adromedeircd:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:daniel_moss:methane:0.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:bahamut:ircd:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.4.35",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0479",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105673452325230&w=2",
"name" : "20030627 WebBBS Guestbook : Cross Site Scripting",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS allows remote attackers to insert arbitrary web script via the (1) Name, (2) Email, or (3) Message fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:affordable_web_space_design:affordable_web_space_design_webbbs:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0480",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019",
"name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105673688529147&w=2",
"name" : "20030627 VMware Workstation 4.0: Possible privilege escalation on the host",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via \"symlink manipulation.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.7
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0481",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2",
"name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gero_kohnert:tutos:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0482",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2",
"name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gero_kohnert:tutos:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0483",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105638720409307&w=2",
"name" : "20030623 Many XSS Vulnerabilities in XMB Forum.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"name" : "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmb_forum:xmb:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2021-04-29T15:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0484",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105639883722514&w=2",
"name" : "20030621 XSS Exploit In phpBB viewtopic.php",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0485",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7997",
"name" : "7997",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105613243117155&w=2",
"name" : "20030620 SRT2003-06-20-1232 - Progress 4GL Compiler datatype overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:progress:4gl_compiler:9.1:d06:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0486",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=112052",
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=112052",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7979",
"name" : "7979",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105607263130644&w=2",
"name" : "20030619 phpBB password disclosure by sql injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12366",
"name" : "phpbb-viewtopic-sql-injection(12366)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0487",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm",
"name" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7967",
"name" : "7967",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105596982503760&w=2",
"name" : "20030618 Multiple buffer overflows and XSS in Kerio MailServer",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12368",
"name" : "kerio-multiple-modules-bo(12368)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0488",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm",
"name" : "http://nautopia.org/vulnerabilidades/kerio_mailserver.htm",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7966",
"name" : "7966",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7968",
"name" : "7968",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105596982503760&w=2",
"name" : "20030618 Multiple buffer overflows and XSS in Kerio MailServer",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12367",
"name" : "kerio-multiple-modules-xss(12367)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0489",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-330",
"name" : "DSA-330",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "tcptraceroute 1.4 and earlier does not fully drop privileges after obtaining a file descriptor for capturing packets, which may allow local users to gain access to the descriptor via a separate vulnerability in tcptraceroute."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_c._toren:tcptraceroute:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0490",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105579526026992&w=2",
"name" : "20030616 Dantz Retrospect Client 5.0.540 for Mac OS X - permission issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs with malicious code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dantz:retrospect_client:5.0.540:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0491",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=vuln-dev&m=105577873506147&w=2",
"name" : "20030616 Directory traversal vulnerability on Xoops/E-xoops CMS module \"tutorials\"",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mytutorials:tutorials:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0492",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7922",
"name" : "7922",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105578322012128&w=2",
"name" : "20030616 Multiple Vulnerabilities In Snitz Forums",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12325",
"name" : "snitz-search-xss(12325)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0493",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7924",
"name" : "7924",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105578322012128&w=2",
"name" : "20030616 Multiple Vulnerabilities In Snitz Forums",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0494",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7925",
"name" : "7925",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105578322012128&w=2",
"name" : "20030616 Multiple Vulnerabilities In Snitz Forums",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12326",
"name" : "snitz-forums-password-reset(12326)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "password.asp in Snitz Forums 3.4.03 and earlier allows remote attackers to reset passwords and gain privileges as other users by via a direct request to password.asp with a modified member id."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snitz_communications:snitz_forums_2000:3.4.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0495",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7920",
"name" : "7920",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105578330812212&w=2",
"name" : "20030615 XSS Vulnerability in LedNews (CGI/Perl) v0.7",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12304",
"name" : "lednews-message-xss(12304)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ledscripts.com:lednews:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0496",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a070803-1.txt",
"name" : "A070803-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0013.html",
"name" : "20030709 Pipe Filename Local Privilege Escalation FAQ",
"refsource" : "VULNWATCH",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105820282607865&w=2",
"name" : "20030714 @stake named pipe exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105830986720243&w=2",
"name" : "20030715 CreateFile exploit, (working)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0497",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7",
"name" : "20030701 Caché Insecure Installation File and Directory Permissions",
"refsource" : "IDEFENSE",
"tags" : [ ]
}, {
"url" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"name" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2020-02-10T21:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0498",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=7",
"name" : "20030701 Caché Insecure Installation File and Directory Permissions",
"refsource" : "IDEFENSE",
"tags" : [ ]
}, {
"url" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"name" : "https://www.intersystems.com/support-learning/support/product-news-alerts/support-alerts-2003/",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2020-02-10T21:05Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0499",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://www.debian.org/security/2003/dsa-335",
"name" : "DSA-335",
"refsource" : "DEBIAN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mantis:mantis:0.17.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-12-08T02:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0500",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-338",
"name" : "DSA-338",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html",
"name" : "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0501",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105621758104242",
"name" : "20030620 Linux /proc sensitive information disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A328",
"name" : "oval:org.mitre.oval:def:328",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The /proc filesystem in Linux allows local users to obtain sensitive information by opening various entries in /proc/self before executing a setuid program, which causes the program to fail to change the ownership and permissions of those entries."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.20.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0502",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0040.html",
"name" : "20030723 R7-0015: Multiple Vulnerabilities Apple QuickTime/Darwin Streaming Server",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.rapid7.com/advisories/R7-0015.html",
"name" : "http://www.rapid7.com/advisories/R7-0015.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote attackers to cause a denial of service (crash) via a .. (dot dot) sequence followed by an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0421."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.1.3g",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2011-03-08T02:12Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0503",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html",
"name" : "http://www.lac.co.jp/security/intelligence/SNSAdvisory/65.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105725489003575&w=2",
"name" : "20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105724538222772&w=2",
"name" : "20030703 [SNS Advisory No.65] Windows 2000 ShellExecute() API Let Applications to Cause Buffer Overflow",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0504",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.security-corporation.com/articles-20030702-005.html",
"name" : "http://www.security-corporation.com/articles-20030702-005.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-365",
"name" : "DSA-365",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000697",
"name" : "CLA-2003:697",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:077",
"name" : "MDKSA-2003:077",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105718361607981&w=2",
"name" : "20030702 [KSA-003] Cross Site Scripting Vulnerability in Phpgroupware",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0.9.14.003 (aka webdistro) allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to index.php in the addressbook module."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:0.9.14.003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0505",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7931",
"name" : "7931",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105716650021546&w=2",
"name" : "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via \"..\\..\" (dot dot) sequences in a file transfer request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0506",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105716650021546&w=2",
"name" : "20030702 CORE-2003-0305-04: NetMeeting Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0507",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.microsoft.com/default.aspx?kbid=319709",
"name" : "Q319709",
"refsource" : "MSKB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/594108",
"name" : "VU#594108",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7930",
"name" : "7930",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9171",
"name" : "9171",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105716669921775&w=2",
"name" : "20030702 CORE-2003-0305-03: Active Directory Stack Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) \"AND,\" (2) \"OR,\" and possibly other statements, which causes LSASS.EXE to crash."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0508",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105785749721291&w=2",
"name" : "20030709 Acroread 5.0.7 buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105709569312583&w=2",
"name" : "20030701 [sec-labs] Adobe Acrobat Reader <=5.0.7 Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "5.0.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0509",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/14101",
"name" : "14101",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/14103",
"name" : "14103",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/14112",
"name" : "14112",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/10098",
"name" : "10098",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/10099",
"name" : "10099",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/10100",
"name" : "10100",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007092",
"name" : "1007092",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9165",
"name" : "9165",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105709450711395&w=2",
"name" : "20030701 CyberStrong Shopping Cart - Advisory & Exploit Code",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12485",
"name" : "cyberstrongeshop-multiple-sql-injection(12485)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cyberstrong:eshop:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0510",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://druglord.freelsd.org/ezbounce/",
"name" : "http://druglord.freelsd.org/ezbounce/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105709355110281&w=2",
"name" : "20030701 ezbounce[v1.0-(1.04a/1.50pre6)]: remote format string exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in ezbounce 1.0 through 1.50 allows remote attackers to execute arbitrary code via the \"sessions\" command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.49:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezbounce:ezbounce:1.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-07T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0511",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0055.html",
"name" : "20030728 Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm",
"name" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml",
"name" : "20030728 HTTP GET Vulnerability in AP1x00",
"refsource" : "CISCO",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5834",
"name" : "oval:org.mitre.oval:def:5834",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(4\\)ja:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(4\\)ja1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(11\\)ja:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(8\\)ja:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0512",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0056.html",
"name" : "20030728 Cisco Aironet AP1100 Valid Account Disclosure Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm",
"name" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003002.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030724-ios-enum.shtml",
"name" : "20030724 Enumerating Locally Defined Users in Cisco IOS",
"refsource" : "CISCO",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/886796",
"name" : "VU#886796",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5824",
"name" : "oval:org.mitre.oval:def:5824",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco IOS 12.2 and earlier generates a \"% Login invalid\" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(14.5\\)t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(15\\)zn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(11\\)ja1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(14.5\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(24\\)s1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0\\(24.2\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(16.1\\)b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(15.1\\)s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(16\\)b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0513",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0514",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0515",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-347",
"name" : "DSA-347",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:teapop:teapop:0.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:teapop:teapop:0.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0516",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz",
"name" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.28",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0517",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz",
"name" : "ftp://alpha.greenie.net/pub/mgetty/source/1.1/mgetty1.1.29-Nov25.tar.gz",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.28",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gert_doering:mgetty:1.1.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0518",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0034.html",
"name" : "20030704 MacOSX - crash screensaver locked with password and get the desktop back",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0187.html",
"name" : "20030715 FIXED: MacOSX - crash screensaver locked with password and get thedesktop back",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=120232",
"name" : "http://docs.info.apple.com/article.html?artnum=120232",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0519",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006286.html",
"name" : "20030707 Internet Explorer 6 DoS Bug",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Certain versions of Internet Explorer 5 and 6, in certain Windows environments, allow remote attackers to cause a denial of service (freeze) via a URL to C:\\aux (MS-DOS device name) and possibly other devices."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0520",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8107",
"name" : "8107",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105735714318026&w=2",
"name" : "20030704 Trillian Remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a denial of service (crash) via a TypingUser message in which the \"TypingUser\" string has been modified."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cerulean_studios:trillian:0.74:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cerulean_studios:trillian:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0521",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105760556627616&w=2",
"name" : "20030706 cPanel Malicious HTML Tags Injection Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.4.2_stable_48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0522",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105733145930031&w=2",
"name" : "20030704 Another ProductCart SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105760660928715&w=2",
"name" : "20030705 Re: Another ProductCart SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2br000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0523",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105761696706800&w=2",
"name" : "20030705 ProductCart XSS Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2br000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0524",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105769387706906&w=2",
"name" : "20030708 Qt temporary files race condition in Knoppix 3.1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:knoppix:knoppix:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.2
},
"severity" : "MEDIUM",
"exploitabilityScore" : 1.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0525",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a072303-1.txt",
"name" : "A072303-1",
"refsource" : "ATSTAKE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12701",
"name" : "winnt-file-management-dos(12701)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A319",
"name" : "oval:org.mitre.oval:def:319",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-029",
"name" : "MS03-029",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The getCanonicalPath function in Windows NT 4.0 may free memory that it does not own and cause heap corruption, which allows attackers to cause a denial of service (crash) via requests that cause a long file name to be passed to getCanonicalPath, as demonstrated on the IBM JVM using a long string to the java.io.getCanonicalPath Java method."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0526",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0029.html",
"name" : "20030716 ISA Server - Error Page Cross Site Scripting",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0031.html",
"name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://pivx.com/larholm/adv/TL006",
"name" : "http://pivx.com/larholm/adv/TL006",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105838862201266&w=2",
"name" : "20030716 ISA Server - Error Page Cross Site Scripting",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105838519729525&w=2",
"name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105838590030409&w=2",
"name" : "20030716 Microsoft ISA Server HTTP error handler XSS (TL#007)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A117",
"name" : "oval:org.mitre.oval:def:117",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-028",
"name" : "MS03-028",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for \"500 Internal Server error\" or (2) 404.htm for \"404 Not Found.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:fp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:isa_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0528",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-23.html",
"name" : "CA-2003-23",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0100.html",
"name" : "20030911 NSFOCUS SA2003-06 : Microsoft Windows RPC DCOM Interface Heap Overflow Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.nsfocus.com/english/homepage/research/0306.htm",
"name" : "http://www.nsfocus.com/english/homepage/research/0306.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/254236",
"name" : "VU#254236",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106407417011430&w=2",
"name" : "20030920 The Analysis of RPC Long Filename Heap Overflow AND a Way to Write Universal Heap Overflow of Windows",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3966",
"name" : "oval:org.mitre.oval:def:3966",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2968",
"name" : "oval:org.mitre.oval:def:2968",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2884",
"name" : "oval:org.mitre.oval:def:2884",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A127",
"name" : "oval:org.mitre.oval:def:127",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039",
"name" : "MS03-039",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0530",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8454",
"name" : "8454",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-22.html",
"name" : "CA-2003-22",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/548964",
"name" : "VU#548964",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1007538",
"name" : "1007538",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9580",
"name" : "9580",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12962",
"name" : "ie-br549-activex-bo(12962)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032",
"name" : "MS03-032",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0531",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8457",
"name" : "8457",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.lac.co.jp/security/english/snsadv_e/67_e.html",
"name" : "http://www.lac.co.jp/security/english/snsadv_e/67_e.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-22.html",
"name" : "CA-2003-22",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/205148",
"name" : "VU#205148",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9580",
"name" : "9580",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961",
"name" : "ie-cache-script-injection(12961)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032",
"name" : "MS03-032",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0532",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0084.html",
"name" : "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/865940",
"name" : "VU#865940",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.eeye.com/html/Research/Advisories/AD20030820.html",
"name" : "http://www.eeye.com/html/Research/Advisories/AD20030820.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106149026621753&w=2",
"name" : "20030820 EEYE: Internet Explorer Object Data Remote Execution Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032",
"name" : "MS03-032",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine object types that are returned by web servers, which could allow remote attackers to execute arbitrary code via an object tag with a data parameter to a malicious file hosted on a server that returns an unsafe Content-Type, aka the \"Object Type\" vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0533",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/753212",
"name" : "VU#753212",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020069.html",
"name" : "20040413 EEYE: Windows Local Security Authority Service Remote Buffer Overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.eeye.com/html/Research/Advisories/AD20040413C.html",
"name" : "AD20040413C",
"refsource" : "EEYE",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10108",
"name" : "10108",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108325860431471&w=2",
"name" : "20040429 MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15699",
"name" : "win-lsass-bo(15699)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A919",
"name" : "oval:org.mitre.oval:def:919",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A898",
"name" : "oval:org.mitre.oval:def:898",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A883",
"name" : "oval:org.mitre.oval:def:883",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0535",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-345",
"name" : "DSA-345",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006386.html",
"name" : "20030708 Fwd: xbl vulnerabilty",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in xbl 1.0k and earlier allows local users to gain privileges via a long -display command line option."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xblockout:xbl:1.0i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xblockout:xbl:1.0k:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xblockout:xbl:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0536",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-346",
"name" : "DSA-346",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015",
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=670222&group_id=15&atid=100015",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105128606513226&w=2",
"name" : "20030425 Unauthorized reading files on phpSysInfo",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows attackers with write access to a local directory to read arbitrary files as the PHP user or cause a denial of service via .. (dot dot) sequences in the (1) template or (2) lng parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpsysinfo:phpsysinfo:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpsysinfo:phpsysinfo:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0537",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-341",
"name" : "DSA-341",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporary files insecurely, which could allow local users to overwrite arbitrary files as other users."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:daiki_ueno:liece_emacs_irc_client:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0_0.2003-05-27",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0538",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-342",
"name" : "DSA-342",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The mailcap file for mozart 1.2.5 and earlier causes Oz applications to be passed to the Oz interpreter, which allows remote attackers to execute arbitrary Oz programs in a MIME-aware client program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozart:mozart:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozart:mozart:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0539",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-343",
"name" : "DSA-343",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-242.html",
"name" : "RHSA-2003:242",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A28",
"name" : "oval:org.mitre.oval:def:28",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and the ddskk package which is based on skk, creates temporary files insecurely, which allows local users to overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.3.2:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.3.5:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:skk:skk:10.62a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.6.0-10:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.6.0-6:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ddskk:ddskk:11.6_.rel.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-6:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-8:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:daredevil_skk:11.6.0-8:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:ddskk-xemacs:11.6.0-10:*:noarch:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0540",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-251.html",
"name" : "RHSA-2003:251",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-363",
"name" : "DSA-363",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-August/007693.html",
"name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_033_postfix.html",
"name" : "SuSE-SA:2003:033",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000717",
"name" : "CLA-2003:717",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3517.html",
"name" : "ESA-20030804-019",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/895508",
"name" : "VU#895508",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8333",
"name" : "8333",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9433",
"name" : "9433",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:081",
"name" : "MDKSA-2003:081",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106029188614704&w=2",
"name" : "2003-0029",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106001525130257&w=2",
"name" : "20030804 Postfix 1.1.12 remote DoS / Postfix 1.1.11 bounce scanning",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A544",
"name" : "oval:org.mitre.oval:def:544",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the \".!\" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a \".!\" string, which causes an instance of the SMTP listener to lock up."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.0.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1.1.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2000-02-28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:2001-11-15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-09-06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wietse_venema:postfix:1999-12-31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0541",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-264.html",
"name" : "RHSA-2003:264",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2005/dsa-710",
"name" : "DSA-710",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737",
"name" : "CLA-2003:737",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:093",
"name" : "MDKSA-2003:093",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A148",
"name" : "oval:org.mitre.oval:def:148",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gtkhtml:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.10",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0542",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8911",
"name" : "8911",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-015.html",
"name" : "RHSA-2004:015",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://httpd.apache.org/dist/httpd/Announcement2.html",
"name" : "http://httpd.apache.org/dist/httpd/Announcement2.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342674",
"name" : "20031028 [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/6079",
"name" : "HPSBUX0311-301",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103",
"name" : "MDKSA-2003:103",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-320.html",
"name" : "RHSA-2003:320",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-360.html",
"name" : "RHSA-2003:360",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-405.html",
"name" : "RHSA-2003:405",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt",
"name" : "SCOSA-2004.6",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031203-01-U.asc",
"name" : "20031203-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/434566",
"name" : "VU#434566",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/549142",
"name" : "VU#549142",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10096",
"name" : "10096",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10098",
"name" : "10098",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10102",
"name" : "10102",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10112",
"name" : "10112",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10114",
"name" : "10114",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10153",
"name" : "10153",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10260",
"name" : "10260",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10264",
"name" : "10264",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10463",
"name" : "10463",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9504",
"name" : "9504",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html",
"name" : "RHSA-2005:816",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101444-1",
"name" : "101444",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1",
"name" : "101841",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html",
"name" : "APPLE-SA-2004-01-26",
"refsource" : "APPLE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10580",
"name" : "10580",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10593",
"name" : "10593",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2",
"name" : "SSRT090208",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106761802305141&w=2",
"name" : "20031031 GLSA: apache (200310-04)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13400",
"name" : "apache-modalias-modrewrite-bo(13400)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9458",
"name" : "oval:org.mitre.oval:def:9458",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A864",
"name" : "oval:org.mitre.oval:def:864",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A863",
"name" : "oval:org.mitre.oval:def:863",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3799",
"name" : "oval:org.mitre.oval:def:3799",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rewrite for Apache before 1.3.29 allow attackers to create configuration files to cause a denial of service (crash) or execute arbitrary code via a regular expression with more than 9 captures."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0543",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-291.html",
"name" : "RHSA-2003:291",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html",
"name" : "RHSA-2003:292",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html",
"name" : "ESA-20030930-027",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-393",
"name" : "DSA-393",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-394",
"name" : "DSA-394",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-26.html",
"name" : "CA-2003-26",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/255484",
"name" : "VU#255484",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/22249",
"name" : "22249",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8732",
"name" : "8732",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1",
"name" : "201029",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2006/3900",
"name" : "ADV-2006-3900",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5292",
"name" : "oval:org.mitre.oval:def:5292",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4254",
"name" : "oval:org.mitre.oval:def:4254",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0544",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-291.html",
"name" : "RHSA-2003:291",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html",
"name" : "RHSA-2003:292",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=104893",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3693.html",
"name" : "ESA-20030930-027",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-393",
"name" : "DSA-393",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-394",
"name" : "DSA-394",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-26.html",
"name" : "CA-2003-26",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/380864",
"name" : "VU#380864",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/22249",
"name" : "22249",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8732",
"name" : "8732",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201029-1",
"name" : "201029",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2006/3900",
"name" : "ADV-2006-3900",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43041",
"name" : "openssl-asn1-sslclient-dos(43041)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4574",
"name" : "oval:org.mitre.oval:def:4574",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer when the long form is used."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0545",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-292.html",
"name" : "RHSA-2003:292",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"name" : "http://www.uniras.gov.uk/vuls/2003/006489/openssl.htm",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-394",
"name" : "DSA-394",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-26.html",
"name" : "CA-2003-26",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/935264",
"name" : "VU#935264",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21247112",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/22249",
"name" : "22249",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8732",
"name" : "8732",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2006/3900",
"name" : "ADV-2006-3900",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2590",
"name" : "oval:org.mitre.oval:def:2590",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0546",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106036724315539&w=2",
"name" : "RHSA-2003:255",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A631",
"name" : "oval:org.mitre.oval:def:631",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, which could allow remote attackers to cause unsigned packages to be installed from the Red Hat Network, if that network is compromised."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386_gnome:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.0.7-1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:up2date:3.1.23-1:*:i386_gnome:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0547",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html",
"name" : "RHSA-2003:258",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729",
"name" : "CLA-2003:729",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106194792924122&w=2",
"name" : "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112",
"name" : "oval:org.mitre.oval:def:112",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0548",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html",
"name" : "RHSA-2003:258",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-259.html",
"name" : "RHSA-2003:259",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729",
"name" : "CLA-2003:729",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A113",
"name" : "oval:org.mitre.oval:def:113",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0549",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html",
"name" : "RHSA-2003:258",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-259.html",
"name" : "RHSA-2003:259",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729",
"name" : "CLA-2003:729",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A129",
"name" : "oval:org.mitre.oval:def:129",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.22:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.0.7.13:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.0_beta2.45:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.2.3.1.20:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kdebase:2.4.1.3.5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0550",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A380",
"name" : "oval:org.mitre.oval:def:380",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0551",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A384",
"name" : "oval:org.mitre.oval:def:384",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0552",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A385",
"name" : "oval:org.mitre.oval:def:385",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0553",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf",
"name" : "http://jimmers.russia.webmatrixhosting.net/whitepapers/CDTbug.pdf",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105820193406838&w=2",
"name" : "20030714 Netscape 7.02 Client Detection Tool plug-in buffer overrun",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0554",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006505.html",
"name" : "20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105820316708258&w=2",
"name" : "20030714 [sec-labs] Remote Denial of Service vulnerability in NeoModus Direct Connect 1.0 build 9",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:neomodus:direct_connect:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0555",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105820576111599&w=2",
"name" : "20030714 ImageMagick's Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a \"%x\" filename, possibly triggering a format string vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:5.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0556",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006494.html",
"name" : "20030712 DoS - Polycom MGC 25 Control Port",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105804648003163&w=2",
"name" : "20030712 DoS - Polycom MGC 25 Control Port",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Polycom MGC 25 allows remote attackers to cause a denial of service (crash) via a large number of \"user\" requests to the control port 5003, as demonstrated using the blast TCP stress tester."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:polycom:mgc-25:5.51.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:polycom:mgc-25:5.51.211:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:polycom:mgc-100:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:polycom:mgc-50:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0557",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105804683203384&w=2",
"name" : "20030712 ZH2003-3SA (security advisory): Storefront sql injection: users",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lagarde:storefront:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0558",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105795219412333&w=2",
"name" : "20030711 LeapFTP remote buffer overflow exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leapware:leapftp:2.7.3.600:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0559",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105787021803729&w=2",
"name" : "20030710 PHP-Include-Hack-Possibility in phpforum 2 RC-1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpforum:phpforum:2.0_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0560",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8159",
"name" : "8159",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105733277731084&w=2",
"name" : "20030704 VPASP SQL Injection Vulnerability & Exploit CODE",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:virtual_programming:vp-asp:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0561",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0010.html",
"name" : "20030707 Multiple Buffer Overflows in IglooFTP PRO",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105769805311484&w=2",
"name" : "20030707 Multiple Buffer Overflows in IglooFTP PRO",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers to execute arbitrary code via (1) a long FTP banner, or long responses to the client commands (2) USER, (3) PASS, (4) ACCT, and possibly other commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iglooftp:iglooftp_pro:3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0562",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0041.html",
"name" : "20030723 Buffer Overflow in Netware Web Server PERL Handler",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.protego.dk/advisories/200301.html",
"name" : "http://www.protego.dk/advisories/200301.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://support.novell.com/servlet/tidfinder/2966549",
"name" : "http://support.novell.com/servlet/tidfinder/2966549",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/185593",
"name" : "VU#185593",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105897561229347&w=2",
"name" : "20030723 NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105897724931665&w=2",
"name" : "20030723 Buffer Overflow in Netware Web Server PERL Handler",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:sp6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0564",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm",
"name" : "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/428230",
"name" : "VU#428230",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8981",
"name" : "8981",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-110.html",
"name" : "RHSA-2004:110",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-112.html",
"name" : "RHSA-2004:112",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040402-01-U.asc",
"name" : "20040402-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
"name" : "MDKSA-2004:021",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108448379429944&w=2",
"name" : "SSRT4722",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2",
"name" : "FLSA:2089",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13603",
"name" : "smime-asn1-bo(13603)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A914",
"name" : "oval:org.mitre.oval:def:914",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A872",
"name" : "oval:org.mitre.oval:def:872",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11462",
"name" : "oval:org.mitre.oval:def:11462",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hitachi:groupmax_mail_-_security_option:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hitachi:pki_runtime_library:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0565",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm",
"name" : "http://www.uniras.gov.uk/vuls/2003/006489/x400.htm",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/927278",
"name" : "VU#927278",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple vulnerabilities in multiple vendor implementations of the X.400 protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an X.400 message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2005-10-20T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0567",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-15.html",
"name" : "CA-2003-15",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-17.html",
"name" : "CA-2003-17",
"refsource" : "CERT",
"tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006743.html",
"name" : "20030718 (no subject)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml",
"name" : "20030717 IOS Interface Blocked by IPv4 Packet",
"refsource" : "CISCO",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/411332",
"name" : "VU#411332",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5603",
"name" : "oval:org.mitre.oval:def:5603",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xm:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xy:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1db:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2sa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ex:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2p:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0w5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ey:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bz:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ax:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ev:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1eb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ec:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1aa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.3t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2bx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0wt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ay:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ew:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ye:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xv:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0dc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ja:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ys:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xz:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ym:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2mb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2dd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2da:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2mx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yo:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1cc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2za:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1dc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0db:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sz:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:11.1ca:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0sy:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2cy:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ze:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yp:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yy:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sz:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xm:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2dx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2cx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1ea:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2ya:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0xv:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yz:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2mc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1yj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yv:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2zd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2yu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:4.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:ons_15454_optical_transport_platform:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:optical_networking_systems_software:3.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0568",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0569",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0570",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0571",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0572",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P",
"name" : "20030701-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/8587",
"name" : "8587",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12635",
"name" : "irix-nsd-map-dos(12635)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0573",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P",
"name" : "20030701-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, do not perform sufficient sanity checking, with unknown impact."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0574",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030702-01-P",
"name" : "20030702-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1999-0028."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0575",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8304",
"name" : "8304",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030704-01-P",
"name" : "20030704-01-P",
"refsource" : "SGI",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/682900",
"name" : "VU#682900",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-130.shtml",
"name" : "N-130",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2337",
"name" : "2337",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9390",
"name" : "9390",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105958240709302&w=2",
"name" : "20030730 [LSD] IRIX nsd remote buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12763",
"name" : "irix-authunix-nsd-bo(12763)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0576",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030801-01-P",
"name" : "20030801-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030801-02-P",
"name" : "20030801-02-P",
"refsource" : "SGI",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0577",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6629",
"name" : "6629",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/306903",
"name" : "20030116 Re[2]: Local/remote mpg123 exploit",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000695",
"name" : "CLA-2003:695",
"refsource" : "CONECTIVA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt",
"name" : "CSSA-2004-002.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:078",
"name" : "MDKSA-2003:078",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7875",
"name" : "7875",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:pre0.59s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0578",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0025.html",
"name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105839150004682&w=2",
"name" : "20030716 SRT2003-07-07-0831 - IBM U2 UniVerse cci_dir creates hard links as root",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and unlinks files as root, which allows local users to gain privileges by deleting and overwriting arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.0.0.9",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0579",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0026.html",
"name" : "20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105838948002337&w=2",
"name" : "20030716 SRT2003-07-07-0833 - IBM U2 UniVerse users with uvadm rights can take root via uvadmsh",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.0.0.9",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0580",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0028.html",
"name" : "20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105839042603476&w=2",
"name" : "20030716 SRT2003-07-08-1223 - IBM U2 UniVerse uvadm can take root via buffer overflows",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier allows the uvadm user to execute arbitrary code via a long -uv.install command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:u2_universe:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.0.0.9",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0581",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-360",
"name" : "DSA-360",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105829691405446&w=2",
"name" : "20030714 xfstt-1.4 vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0582",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0504. Reason: This candidate is a duplicate of CVE-2003-0504. Notes: All CVE users should reference CVE-2003-0504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0583",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105846288808846&w=2",
"name" : "20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via a long command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tolis_group:bru:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "17.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0584",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105846288808846&w=2",
"name" : "20030716 SRT2003-07-16-0358 - bru has buffer overflow and format issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tolis_group:bru:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "17.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0585",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2",
"name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brooky:estore:1.0.2b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0586",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105845898003616&w=2",
"name" : "20030717 eStore SQL Injection Vulnerability & Path Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brooky:estore:1.0.2b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0587",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105839276105934&w=2",
"name" : "20030716 Changing UBB cookie allows account hijack",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the \"displayed name\" attribute of the \"ubber\" cookie."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:infopop:ultimate_bulletin_board:6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.9
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.4,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0588",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105839007002993&w=2",
"name" : "20030716 Digi-news and Digi-ads version 1.1 admin access without password",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digi-fx:digi-news:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0589",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105839007002993&w=2",
"name" : "20030716 Digi-news and Digi-ads version 1.1 admin access without password",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digi-fx:digi-news:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0590",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://members.fortunecity.it/lethalman2002/bugs/splatt.html",
"name" : "http://members.fortunecity.it/lethalman2002/bugs/splatt.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105830019209609&w=2",
"name" : "20030715 Splatt Forum html injection code in post icon",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:splatt:splatt_forum:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:C/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "NONE",
"baseScore" : 7.1
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-18T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0591",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is a duplicate number that was created during the refinement phase. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0592",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-459",
"name" : "DSA-459",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-074.html",
"name" : "RHSA-2004:074",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:022",
"name" : "MDKSA-2004:022",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A823",
"name" : "oval:org.mitre.oval:def:823",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Konqueror to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror_embedded:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0593",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "FULLDISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Opera allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Opera to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.1.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.0.2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11j:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.0:*:mac:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:5.12:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0594",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0056.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018475.html",
"name" : "20040310 Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-112.html",
"name" : "RHSA-2004:112",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
"name" : "MDKSA-2004:021",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9826",
"name" : "oval:org.mitre.oval:def:9826",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A917",
"name" : "oval:org.mitre.oval:def:917",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A873",
"name" : "oval:org.mitre.oval:def:873",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via \"%2e%2e\" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a vulnerable application that runs on the same server as the target application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0595",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0038.html",
"name" : "20030718 Witango & Tango 2000 Application Server Remote System Buffer Overrun",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:witango:tango_server:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:witango:witango_server:5.0.1.061:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0596",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=186219",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://www.debian.org/security/2003/dsa-352",
"name" : "DSA-352",
"refsource" : "DEBIAN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by creating the directory ahead of time."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fdclone:fdclone:2.00a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-12-08T02:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0597",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105889063714201&w=2",
"name" : "CSSA-2003-SCO-11",
"refsource" : "SCO",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0598",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0657. Reason: This candidate is a reservation duplicate of CVE-2003-0657. Notes: All CVE users should reference CVE-2003-0657 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0599",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-365",
"name" : "DSA-365",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html",
"name" : "http://mail.gnu.org/archive/html/phpgroupware-users/2003-07/msg00035.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.phpgroupware.org",
"name" : "http://www.phpgroupware.org",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.14.004",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:0.9.16prerc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0601",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=25631",
"name" : "http://docs.info.apple.com/article.html?artnum=25631",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8266",
"name" : "8266",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12728",
"name" : "macos-workgroup-gain-access(12728)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0602",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6861",
"name" : "6861",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6868",
"name" : "6868",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.bugzilla.org/security/2.16.2/",
"name" : "http://www.bugzilla.org/security/2.16.2/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653",
"name" : "CLA-2003:653",
"refsource" : "CONECTIVA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0603",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7412",
"name" : "7412",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653",
"name" : "CLA-2003:653",
"refsource" : "CONECTIVA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.bugzilla.org/security/2.16.2/",
"name" : "http://www.bugzilla.org/security/2.16.2/",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0604",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.pivx.com/larholm/unpatched/",
"name" : "http://www.pivx.com/larholm/unpatched/",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105899408520292&w=2",
"name" : "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105899261818572&w=2",
"name" : "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105906867322856&w=2",
"name" : "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105906261314411&w=2",
"name" : "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.malware.com/once.again!.html",
"name" : "http://www.malware.com/once.again!.html",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-08-13T21:47Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0605",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006851.html",
"name" : "20030721 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-19.html",
"name" : "CA-2003-19",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-23.html",
"name" : "CA-2003-23",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/326746",
"name" : "VU#326746",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105880332428706&w=2",
"name" : "20030720 Microsoft Windows 2000 RPC DCOM Interface DOS AND Privilege Escalation Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A494",
"name" : "oval:org.mitre.oval:def:494",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1118",
"name" : "oval:org.mitre.oval:def:1118",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039",
"name" : "MS03-039",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0606",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-353",
"name" : "DSA-353",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sup:sup:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvsup:cvsup-mirror:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0607",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-354",
"name" : "DSA-354",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8307",
"name" : "8307",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12765",
"name" : "xconq-user-display-bo(12765)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in xconq 7.4.1 allows local users to become part of the \"games\" group via the (1) USER or (2) DISPLAY environment variables."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stanley_t._shebs:xconq:7.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0609",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/07.29.03.txt",
"name" : "20030729 Buffer Overflow in Sun Solaris Runtime Linker",
"refsource" : "IDEFENSE",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55680",
"name" : "55680",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/8722",
"name" : "8722",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105951760418667&w=2",
"name" : "20030729 Solaris ld.so.1 buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12755",
"name" : "sun-ldso1-ldpreload-bo(12755)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3601",
"name" : "oval:org.mitre.oval:def:3601",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0610",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0611",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8312",
"name" : "8312",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-356",
"name" : "DSA-356",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xtokkaetama:xtokkaetama:1.0_b6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0612",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://secunia.com/advisories/9577/",
"name" : "9577",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt",
"name" : "http://packages.debian.org/changelogs/pool/non-free/c/crafty/crafty_19.15-1/changelog.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203541",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9893",
"name" : "9893",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1009393",
"name" : "1009393",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1009398",
"name" : "1009398",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/357601",
"name" : "20040315 Crafty Game Stack Overflow & Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15501",
"name" : "crafty-command-line-bo(15501)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13017",
"name" : "crafty-long-argument-bo(13017)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group \"games\" privileges via long command line arguments to crafty.bin."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:robert_hyatt:crafty:19.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0613",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-369",
"name" : "DSA-369",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows local users to execute arbitrary code via the high score file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:zblast:zblast:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.2.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:19Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0614",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-355",
"name" : "DSA-355",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0",
"name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=82&mode=thread&order=0&thold=0",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/330676",
"name" : "20030727 Gallery XSS security advisory (with fix and patch instructions)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252092421469&w=2",
"name" : "20030902 GLSA: gallery (200309-06)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/348641/30/21790/threaded",
"name" : "20040101 Re: Gallery v1.3.3 Cross Site Scripting Vulnerabillity",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.1_p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0615",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8231",
"name" : "8231",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-256.html",
"name" : "RHSA-2003:256",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/246409",
"name" : "VU#246409",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084",
"name" : "MDKSA-2003:084",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007234",
"name" : "1007234",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/13638",
"name" : "13638",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713",
"name" : "CLA-2003:713",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1",
"name" : "101426",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-155.shtml",
"name" : "N-155",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-371",
"name" : "DSA-371",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105880349328877&w=2",
"name" : "20030720 CGI.pm vulnerable to Cross-site Scripting",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106018783704468&w=2",
"name" : "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=full-disclosure&m=105875211018698&w=2",
"name" : "20030720 CGI.pm vulnerable to Cross-site Scripting.",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669",
"name" : "cgi-startform-xss(12669)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470",
"name" : "oval:org.mitre.oval:def:470",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307",
"name" : "oval:org.mitre.oval:def:307",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.75:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.751:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.753:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.76:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.73:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.74:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.93:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openpkg:openpkg:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.78:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi.pm:cgi.pm:2.79:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0616",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"name" : "http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/a073103-1.txt",
"name" : "A073103-1",
"refsource" : "ATSTAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are used when logging a failed name resolution."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mcafee:epolicy_orchestrator:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2013-07-23T05:04Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0617",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-362",
"name" : "DSA-362",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252097421549&w=2",
"name" : "20030902 GLSA: mindi (200309-05)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hugo_rabson:mindi:0.58_r5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0618",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-431",
"name" : "DSA-431",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9543",
"name" : "9543",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=203426",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15012",
"name" : "suidperl-obtain-information(15012)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perl:suidperl:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-05-04T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0619",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-358",
"name" : "DSA-358",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105950927708272&w=2",
"name" : "20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A386",
"name" : "oval:org.mitre.oval:def:386",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.4.21",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0620",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-364",
"name" : "DSA-364",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105960276803617&w=2",
"name" : "20030730 Re: man-db[] multiple(4) vulnerabilities.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105951284512898&w=2",
"name" : "20030729 man-db[] multiple(4) vulnerabilities.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src in ult_src.c, (3) a long .so argument to test_for_include in ult_src.c, (4) a long MANPATH environment variable, or (5) a long PATH environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0621",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8931",
"name" : "8931",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106762000607681&w=2",
"name" : "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13559",
"name" : "bea-tuxedo-file-disclosure(13559)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to determine the existence of files outside the web root via modified paths in the INIFILE argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0622",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8931",
"name" : "8931",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106762000607681&w=2",
"name" : "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13560",
"name" : "bea-tuxedo-device-dos(13560)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to cause a denial of service (hang) via pathname arguments that contain MS-DOS device names such as CON and AUX."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0623",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/advisory03_38_00.jsp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8931",
"name" : "8931",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106762000607681&w=2",
"name" : "20031031 Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13561",
"name" : "bea-tuxedo-filename-xss(13561)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:4.2:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.0.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:tuxedo:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0624",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8938",
"name" : "8938",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106761926906781&w=2",
"name" : "20031031 Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13568",
"name" : "bea-weblogic-interactivequery-xss(13568)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "8.1",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:3.1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0625",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8255",
"name" : "8255",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-360",
"name" : "DSA-360",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://developer.berlios.de/forum/forum.php?forum_id=2819",
"name" : "http://developer.berlios.de/forum/forum.php?forum_id=2819",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105941103709264&w=2",
"name" : "20030727 [PAPER]: Address relay fingerprinting.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfstt:xfstt:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0626",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html",
"name" : "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource" : "FULLDISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html",
"name" : "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3610",
"name" : "ESB-2003.0786",
"refsource" : "AUSCERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9037",
"name" : "9037",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.secunia.com/advisories/10225/",
"name" : "10225",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754",
"name" : "peoplesoft-searchcgi-directory-traversal(13754)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to read arbitrary files via the (1) headername or (2) footername arguments."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-13T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0627",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013652.html",
"name" : "20031103 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0042.html",
"name" : "20031113 Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9038",
"name" : "9038",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.secunia.com/advisories/10225/",
"name" : "10225",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13754",
"name" : "peoplesoft-searchcgi-directory-traversal(13754)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote attackers to cause a denial of service (application crash), possibly via the headername and footername arguments."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0628",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106874146204158&w=2",
"name" : "20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PeopleSoft Gateway Administration servlet (gateway.administration) in PeopleTools 8.43 and earlier allows remote attackers to obtain the full pathnames for server-side include (SSI) files via an HTTP request with an invalid value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0629",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106874146204158&w=2",
"name" : "20031113 Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environment for PeopleTools 8.43 and earlier allows remote attackers to insert arbitrary web script via a certain HTTP request to IScript."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0630",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-359",
"name" : "DSA-359",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252128221901&w=2",
"name" : "20030902 GLSA: atari800 (200309-07)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2.1_pre0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:atari800:atari800:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0631",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039",
"name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1039",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105899875225268&w=2",
"name" : "20030723 VMware GSX Server 2.5.1 / Workstation 4.0 (for Linux systems)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 and earlier, allows local users to gain root privileges via certain enivronment variables that are used when launching a virtual machine session."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vmware:gsx_server:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vmware:workstation:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0632",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105906721920776&w=2",
"name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:applications:11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:applications:10.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0633",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8268",
"name" : "8268",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105906689120237&w=2",
"name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:applications:10.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:applications:11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0634",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8267",
"name" : "8267",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html",
"name" : "20030912 Update to the Oracle EXTPROC advisory",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/936868",
"name" : "VU#936868",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105916455814904&w=2",
"name" : "20030725 question about oracle advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=105915485303327&w=2",
"name" : "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105914979629857&w=2",
"name" : "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721",
"name" : "oracle-extproc-bo(12721)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0635",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2",
"name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0636",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0637",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a non-existent user than a valid user, which makes it easier for remote attackers to guess usernames and conduct brute force password guessing."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0638",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2",
"name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105492847631711&w=2",
"name" : "20030606 NOVL-2003-2966207 - iChain 2.1 Field Patch 3",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, and iChain 2.2 before Field Patch 1a, allow attackers to cause a denial of service (ABEND) and possibly execute arbitrary code via (1) a long user name or (2) an unknown attack related to a \"special script against login.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0639",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2",
"name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:ichain:2.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0640",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.secunia.com/advisories/9232/",
"name" : "9232",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-33.jsp",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server and Express, when using NodeManager to start servers, provides Operator users with privileges to overwrite usernames and passwords, which may allow Operators to gain Admin privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:*:*:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0641",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8222",
"name" : "8222",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/6578",
"name" : "6578",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9310",
"name" : "9310",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105848106631132&w=2",
"name" : "20030717 Bypassing ServerLock protection on Windows 2000",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12665",
"name" : "serverlock-openprocess-load-module(12665)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local users to load arbitrary modules via the OpenProcess() function, as demonstrated using (1) a DLL injection attack, (2) ZwSetSystemInformation, and (3) API hooking in OpenProcess."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0642",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8223",
"name" : "8223",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9310",
"name" : "9310",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105848106631132&w=2",
"name" : "20030717 Bypassing ServerLock protection on Windows 2000",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12666",
"name" : "serverlock-physicalmemory-symlink(12666)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local users to access kernel memory via a symlink attack on \\Device\\PhysicalMemory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:watchguard:serverlock:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0643",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml",
"name" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch",
"name" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog",
"name" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog",
"name" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch",
"name" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/23265",
"name" : "23265",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:pre10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-25T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0644",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2",
"name" : "http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html",
"name" : "[debian-devel-changes] 20030909 Accepted kdbg 1.2.9-1 (i386 source)",
"refsource" : "MLIST",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-416.html",
"name" : "RHSA-2005:416",
"refsource" : "REDHAT",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:johannes_sixt:kdbg:1.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-07T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0645",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-364",
"name" : "DSA-364",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8352",
"name" : "8352",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106018504800341&w=2",
"name" : "20030806 man-db[v2.4.1-]: open_cat_stream() privileged call exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12848",
"name" : "mandb-opencatstream-gain-privileges(12848)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andries_brouwer:man:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0646",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006488.html",
"name" : "20030711 Trend Micro ActiveX Multiple Overflows",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274",
"name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=15274",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in ActiveX controls used by Trend Micro HouseCall 5.5 and 5.7, and Damage Cleanup Server 1.0, allow remote attackers to execute arbitrary code via long parameter strings."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:damage_cleanup_server:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:housecall:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:housecall:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0647",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030730-ios-2gb-get.shtml",
"name" : "20030731 Sending 2GB Data in GET Request Causes Buffer Overflow in Cisco IOS Software",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/579324",
"name" : "VU#579324",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "12.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0648",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-472",
"name" : "DSA-472",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1009655",
"name" : "1009655",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1009656",
"name" : "1009656",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10041",
"name" : "10041",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11290",
"name" : "11290",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/354838",
"name" : "VU#354838",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/900964",
"name" : "VU#900964",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15726",
"name" : "ftetexteditor-vfte-bo(15726)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fte:fte_text_editor:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-05-04T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0649",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-368",
"name" : "DSA-368",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:053",
"name" : "MDKSA-2004:053",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xpcd:xpcd:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.08",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0650",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8309",
"name" : "8309",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0064.html",
"name" : "20030730 GameSpy Arcade Arbitrary File Writing Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.gamespyarcade.com/features/versions.shtml",
"name" : "http://www.gamespyarcade.com/features/versions.shtml",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105958779017085&w=2",
"name" : "20030730 GameSpy Arcade Arbitrary File Writing Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, possibly versions before 1.3e, allows remote attackers to overwrite arbitrary files and execute arbitrary code via .. (dot dot) sequences in filenames in a .APK (Zip) file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:arcade:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3e",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0651",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8287",
"name" : "8287",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-07/0355.html",
"name" : "20030728 Remotely exploitable overflow in mod_mylo for Apache",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_mylo:mod_mylo:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_mylo:mod_mylo:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_mylo:mod_mylo:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0652",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-367",
"name" : "DSA-367",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106001473329625&w=2",
"name" : "20030803 xtokkaetama[v1.0b+]: (missed) buffer overflow exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xtokkaetama:xtokkaetama:1.0_b6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0653",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-010.txt.asc",
"name" : "NetBSD-SA2003-010",
"refsource" : "NETBSD",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier does not use a BSD-required \"PKTHDR\" mbuf when sending certain error responses to the sender of an OSI packet, which allows remote attackers to cause a denial of service (kernel panic or crash) via certain OSI packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0654",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-373",
"name" : "DSA-373",
"refsource" : "DEBIAN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:autorespond:autorespond:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0655",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt",
"name" : "http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105978381618095&w=2",
"name" : "20030801 SRT2003-08-01-0126 - cdrtools local root exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "rscsi in cdrtools 2.01 and earlier allows local users to overwrite arbitrary files and gain root privileges by specifying the target file as a command line argument, which is modified while rscsi is running with privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cdrtools:cdrtools:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cdrtools:cdrtools:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0656",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-366",
"name" : "DSA-366",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:083",
"name" : "MDKSA-2003:083",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252649028401&w=2",
"name" : "20030902 GLSA: eroaster (200309-04)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "eroaster before 2.2.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary file that is used as a lockfile."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eroaster:eroaster:2.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eroaster:eroaster:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eroaster:eroaster:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0657",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-365",
"name" : "DSA-365",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpgroupware:phpgroupware:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.14",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0658",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caldera:openlinux_workstation:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caldera:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caldera:openlinux_server:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0659",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/967668",
"name" : "VU#967668",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8827",
"name" : "8827",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106631999907035&w=2",
"name" : "20031016 Listbox And Combobox Control Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106632111408343&w=2",
"name" : "20031016 Listbox And Combobox Control Buffer Overflow",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13424",
"name" : "win-user32-control-bo(13424)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A340",
"name" : "oval:org.mitre.oval:def:340",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A201",
"name" : "oval:org.mitre.oval:def:201",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-045",
"name" : "MS03-045",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in a function in User32.dll on Windows NT through Server 2003 allows local users to execute arbitrary code via long (1) LB_DIR messages to ListBox or (2) CB_DIR messages to ComboBox controls in a privileged application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0660",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/838572",
"name" : "VU#838572",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8830",
"name" : "8830",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13422",
"name" : "win-authenticode-code-execution(13422)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A198",
"name" : "oval:org.mitre.oval:def:198",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A185",
"name" : "oval:org.mitre.oval:def:185",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-041",
"name" : "MS03-041",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0661",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/989932",
"name" : "VU#989932",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3483",
"name" : "oval:org.mitre.oval:def:3483",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-034",
"name" : "MS03-034",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0662",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/989932",
"name" : "VU#989932",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0015.html",
"name" : "20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8833",
"name" : "8833",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012205.html",
"name" : "20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106632192709608&w=2",
"name" : "20031016 Microsoft Local Troubleshooter ActiveX control buffer overflow",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13423",
"name" : "win2k-local-troubleshooter-bo(13423)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A237",
"name" : "oval:org.mitre.oval:def:237",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-042",
"name" : "MS03-042",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0663",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/639428",
"name" : "VU#639428",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10114",
"name" : "10114",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15700",
"name" : "win2k-lsass-ldap-dos(15700)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1016",
"name" : "oval:org.mitre.oval:def:1016",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the Local Security Authority Subsystem Service (LSASS) in Windows 2000 domain controllers allows remote attackers to cause a denial of service via a crafted LDAP message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0664",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A188",
"name" : "oval:org.mitre.oval:def:188",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-035",
"name" : "MS03-035",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0665",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/992132",
"name" : "VU#992132",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9668",
"name" : "9668",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8536",
"name" : "8536",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-038",
"name" : "MS03-038",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:97:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2002:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:access:2002:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0666",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0092.html",
"name" : "20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106261952827573&w=2",
"name" : "20030903 EEYE: Microsoft WordPerfect Document Converter Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106279971612961&w=2",
"name" : "20030905 Microsoft WordPerfect Document Converter Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-036",
"name" : "MS03-036",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Microsoft Wordperfect Converter allows remote attackers to execute arbitrary code via modified data offset and data size parameters in a Corel WordPerfect file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:wordperfect_converter:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0669",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F47353",
"name" : "47353",
"refsource" : "SUNALERT",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4561",
"name" : "oval:org.mitre.oval:def:4561",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Solaris 2.6 through 9 causes a denial of service (system panic) via \"a rare race condition\" or an attack by local users."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0670",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a080703-1.txt",
"name" : "A080703-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications (1) RunTCPDump, which calls tcpdump, and (2) RunTCPFlow, which calls tcpflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sustainable_softworks:ipnetsentryx:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sustainable_softworks:ipnetmonitorx:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0671",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a080703-1.txt",
"name" : "A080703-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/a080703-2.txt",
"name" : "A080703-2",
"refsource" : "ATSTAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jeremy_elson:tcpflow:0.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0672",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-370",
"name" : "DSA-370",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leon_j_breedt:pam-pgsql:0.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leon_j_breedt:pam-pgsql:0.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0676",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106036588613929&w=2",
"name" : "20030808 Directory Traversal in Sun iPlanet Administration Server 5.1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in ViewLog for iPlanet Administration Server 5.1 (aka Sun ONE) allows remote attackers to read arbitrary files via \"..%2f\" (partially encoded dot dot) sequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0_sp2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:iplanet_directory_server:5.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0677",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/332284",
"name" : "20030807 Cisco CSS 11000 Series DoS",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0073.html",
"name" : "20030807 Cisco CSS 11000 Series DoS",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0079.html",
"name" : "20030808 Re: [VulnWatch] Cisco CSS 11000 Series DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka \"ONDM Ping failure.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:webns:5.0_0.038s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0678",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0679",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030802-01-P",
"name" : "20030802-01-P",
"refsource" : "SGI",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the libcpr library for the Checkpoint/Restart (cpr) system on SGI IRIX 6.5.21f and earlier allows local users to truncate or overwrite certain files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.5.21f",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0680",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030901-01-P",
"name" : "20030901-01-P",
"refsource" : "SGI",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0681",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.sendmail.org/8.12.10.html",
"name" : "http://www.sendmail.org/8.12.10.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8649",
"name" : "8649",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742",
"name" : "CLA-2003:742",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-384",
"name" : "DSA-384",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-283.html",
"name" : "RHSA-2003:283",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/108964",
"name" : "VU#108964",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092",
"name" : "MDKSA-2003:092",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106383437615742&w=2",
"name" : "20030917 GLSA: sendmail (200309-13)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106398718909274&w=2",
"name" : "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13216",
"name" : "sendmail-ruleset-parsing-bo(13216)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A595",
"name" : "oval:org.mitre.oval:def:595",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3606",
"name" : "oval:org.mitre.oval:def:3606",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A \"potential buffer overflow in ruleset parsing\" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0682",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-382",
"name" : "DSA-382",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html",
"name" : "RHSA-2003:280",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741",
"name" : "CLA-2003:741",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-383",
"name" : "DSA-383",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2",
"name" : "RHSA-2003:279",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2",
"name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A446",
"name" : "oval:org.mitre.oval:def:446",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "\"Memory bugs\" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.7.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0683",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8921",
"name" : "8921",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031004-01-P",
"name" : "20031004-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2734",
"name" : "2734",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10095",
"name" : "10095",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:34Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0684",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0685",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-372",
"name" : "DSA-372",
"refsource" : "DEBIAN",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106071059430211&w=2",
"name" : "20030812 Netris client Buffer Overflow Vulnerability.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Netris 0.52 and earlier, and possibly other versions, allows remote malicious Netris servers to execute arbitrary code on netris clients via a long server response."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netris:netris:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netris:netris:0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netris:netris:0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0686",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-262.html",
"name" : "RHSA-2003:262",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-374",
"name" : "DSA-374",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://us2.samba.org/samba/ftp/pam_smb/",
"name" : "http://us2.samba.org/samba/ftp/pam_smb/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-50.txt",
"name" : "TLSA-2003-50",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-261.html",
"name" : "RHSA-2003:261",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/680260",
"name" : "VU#680260",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9611",
"name" : "9611",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000734",
"name" : "CLA-2003:734",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252769930090&w=2",
"name" : "20030901 GLSA: pam_smb (200309-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A469",
"name" : "oval:org.mitre.oval:def:469",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-7:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:2.0_rc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dave_airlie:pam_smb:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-2:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:pam_smb:1.1.6-5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0687",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been revoked by its Candidate Numbering Authority (CNA) because it was internally assigned to a problem that was not reachable (the affected routine was not used by the software). Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0688",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-265.html",
"name" : "RHSA-2003:265",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.sendmail.org/dnsmap1.html",
"name" : "http://www.sendmail.org/dnsmap1.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030803-01-P",
"name" : "20030803-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_035_sendmail.html",
"name" : "SuSE-SA:2003:035",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/993452",
"name" : "VU#993452",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000727",
"name" : "CLA-2003:727",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:086",
"name" : "MDKSA-2003:086",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A597",
"name" : "oval:org.mitre.oval:def:597",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DNS map code in Sendmail 8.12.8 and earlier, when using the \"enhdnsbl\" feature, does not properly initialize certain data structures, which allows remote attackers to cause a denial of service (process crash) via an invalid DNS response that causes Sendmail to free incorrect data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_doc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_doc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.5-7:*:i386_cf:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386_cf:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:sendmail:8.12.8-4:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0689",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-249.html",
"name" : "RHSA-2003:249",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-325.html",
"name" : "RHSA-2003:325",
"refsource" : "REDHAT",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0690",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kde.org/info/security/advisory-20030916-1.txt",
"name" : "http://www.kde.org/info/security/advisory-20030916-1.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-270.html",
"name" : "RHSA-2003:270",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html",
"name" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-388",
"name" : "DSA-388",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-443",
"name" : "DSA-443",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-286.html",
"name" : "RHSA-2003:286",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-289.html",
"name" : "RHSA-2003:289",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747",
"name" : "CLA-2003:747",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-287.html",
"name" : "RHSA-2003:287",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html",
"name" : "RHSA-2003:288",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091",
"name" : "MDKSA-2003:091",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106374551513499&w=2",
"name" : "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A193",
"name" : "oval:org.mitre.oval:def:193",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred function call succeeds, which may allow attackers to gain root privileges by triggering error conditions within PAM modules, as demonstrated in certain configurations of the MIT pam_krb5 module."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0691",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not associated with any specific security issue. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0692",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kde.org/info/security/advisory-20030916-1.txt",
"name" : "http://www.kde.org/info/security/advisory-20030916-1.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-270.html",
"name" : "RHSA-2003:270",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-388",
"name" : "DSA-388",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html",
"name" : "http://cert.uni-stuttgart.de/archive/suse/security/2002/12/msg00101.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747",
"name" : "CLA-2003:747",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html",
"name" : "RHSA-2003:288",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:091",
"name" : "MDKSA-2003:091",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106374551513499&w=2",
"name" : "20030916 [KDE SECURITY ADVISORY] KDM vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A215",
"name" : "oval:org.mitre.oval:def:215",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.5a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.0.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0693",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/333628",
"name" : "VU#333628",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.openssh.com/txt/buffer.adv",
"name" : "http://www.openssh.com/txt/buffer.adv",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html",
"name" : "20030915 openssh remote exploit",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html",
"name" : "20030916 The lowdown on SSH vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html",
"name" : "20030915 new ssh exploit?",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html",
"name" : "RHSA-2003:280",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-382",
"name" : "DSA-382",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-383",
"name" : "DSA-383",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-24.html",
"name" : "CA-2003-24",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090",
"name" : "MDKSA-2003:090",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1",
"name" : "1000620",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106374466212309&w=2",
"name" : "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106373247528528&w=2",
"name" : "20030916 OpenSSH Buffer Management Bug Advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2",
"name" : "RHSA-2003:279",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381396120332&w=2",
"name" : "2003-0033",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2",
"name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191",
"name" : "openssh-packet-bo(13191)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447",
"name" : "oval:org.mitre.oval:def:447",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719",
"name" : "oval:org.mitre.oval:def:2719",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0694",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.sendmail.org/8.12.10.html",
"name" : "http://www.sendmail.org/8.12.10.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-25.html",
"name" : "CA-2003-25",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html",
"name" : "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-283.html",
"name" : "RHSA-2003:283",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-284.html",
"name" : "RHSA-2003:284",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742",
"name" : "CLA-2003:742",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-384",
"name" : "DSA-384",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt",
"name" : "SCOSA-2004.11",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html",
"name" : "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/784980",
"name" : "VU#784980",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092",
"name" : "MDKSA-2003:092",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106383437615742&w=2",
"name" : "20030917 GLSA: sendmail (200309-13)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106382859407683&w=2",
"name" : "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381604923204&w=2",
"name" : "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106398718909274&w=2",
"name" : "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603",
"name" : "oval:org.mitre.oval:def:603",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572",
"name" : "oval:org.mitre.oval:def:572",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975",
"name" : "oval:org.mitre.oval:def:2975",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta16:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:advanced_message_server:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.8.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_pro:8.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail:8.12:beta10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sendmail:sendmail_switch:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release_p38:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release_p17:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:release_p42:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.0:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.1:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:release_p6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.1:release_p5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release_p20:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:sh3:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_advanced_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_server:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:release_p14:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:turbolinux:turbolinux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release_p32:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0695",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html",
"name" : "RHSA-2003:280",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-383",
"name" : "DSA-383",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.openssh.com/txt/buffer.adv",
"name" : "http://www.openssh.com/txt/buffer.adv",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-382",
"name" : "DSA-382",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000741",
"name" : "CLA-2003:741",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090",
"name" : "MDKSA-2003:090",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2",
"name" : "RHSA-2003:279",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381396120332&w=2",
"name" : "2003-0033",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=openbsd-security-announce&m=106375582924840",
"name" : "http://marc.info/?l=openbsd-security-announce&m=106375582924840",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106382542403716&w=2",
"name" : "20030917 [slackware-security] OpenSSH updated again (SSA:2003-260-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2",
"name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A452",
"name" : "oval:org.mitre.oval:def:452",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple \"buffer management errors\" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.7.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0696",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true",
"name" : "https://techsupport.services.ibm.com/server/pseries.subscriptionSvcs?mode=7&heading=AIX51&topic=SECURITY&month=200310&label=getipnodebyname%28%29+API+does+not+close+sockets.&date=20031001&bulletin=datafile150755&embed=true",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8738",
"name" : "8738",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13328",
"name" : "aix-sendmail-getipnodebyname-dos(13328)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0697",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY45344&apar=only",
"name" : "IY45344",
"refsource" : "AIXAPAR",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1",
"name" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2003.1605.1",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY45250&apar=only",
"name" : "IY45250",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY46256&apar=only",
"name" : "IY46256",
"refsource" : "AIXAPAR",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0698",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0743. Reason: This candidate is a duplicate of CVE-2003-0743. Notes: All CVE users should reference CVE-2003-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0699",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html",
"name" : "RHSA-2003:198",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-239.html",
"name" : "RHSA-2003:239",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A387",
"name" : "oval:org.mitre.oval:def:387",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0700",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-238.html",
"name" : "RHSA-2003:238",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-044.html",
"name" : "RHSA-2004:044",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A401",
"name" : "oval:org.mitre.oval:def:401",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.4.21",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0701",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/334928",
"name" : "VU#334928",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106148101210479&w=2",
"name" : "20030820 [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12970",
"name" : "ie-dbcs-object-bo(12970)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032",
"name" : "MS03-032",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:windows_server_2003:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:32Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0702",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.enteredge.com/research/CAN-2003-0702.asp",
"name" : "http://www.enteredge.com/research/CAN-2003-0702.asp",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106278164225389&w=2",
"name" : "20030905 ISS Server Sensor Denial of Service",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13088",
"name" : "realsecure-isapi-dos(13088)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.16:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iss:realsecure_server_sensor:7.0:xpu20.18:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0703",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8497",
"name" : "8497",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/a082203-1.txt",
"name" : "A082203-1",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13008",
"name" : "kismac-exchangekernel-kernel-overwrite(13008)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13007",
"name" : "kismac-driverkext-load-modules(13007)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via \"similar techniques\" using exchangeKernel.sh."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kismac:kismac:0.05d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0704",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a082203-1.txt",
"name" : "A082203-1",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8497",
"name" : "8497",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13010",
"name" : "kismac-viha-gain-privileges(13010)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13009",
"name" : "kismac-setuid-modify-ownership(13009)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13006",
"name" : "kismac-driverkext-modify-ownership(13006)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh, and using a \"similar technique\" for (6) viha_prep.sh and (7) viha_unprep.sh."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kismac:kismac:0.05d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0705",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-378",
"name" : "DSA-378",
"refsource" : "DEBIAN",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nicolas_boullis:mah-jong:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0706",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-378",
"name" : "DSA-378",
"refsource" : "DEBIAN",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nicolas_boullis:mah-jong:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0707",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-375",
"name" : "DSA-375",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tomi_manninen:linuxnode:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.3.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0708",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-375",
"name" : "DSA-375",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tomi_manninen:linuxnode:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.3.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0709",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.zone-h.org/en/advisories/read/id=2925/",
"name" : "http://www.zone-h.org/en/advisories/read/id=2925/",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:whois:whois:4.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:whois:whois:4.6.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0711",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/467036",
"name" : "VU#467036",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8828",
"name" : "8828",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ngssoftware.com/advisories/ms-pchealth.txt",
"name" : "http://www.ngssoftware.com/advisories/ms-pchealth.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106632194809632&w=2",
"name" : "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106631908105696&w=2",
"name" : "20031016 Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4706",
"name" : "oval:org.mitre.oval:def:4706",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3889",
"name" : "oval:org.mitre.oval:def:3889",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3685",
"name" : "oval:org.mitre.oval:def:3685",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A217",
"name" : "oval:org.mitre.oval:def:217",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-044",
"name" : "MS03-044",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0712",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/435444",
"name" : "VU#435444",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8832",
"name" : "8832",
"refsource" : "BID",
"tags" : [ "Patch", "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106631918405915&w=2",
"name" : "20031016 Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-047",
"name" : "MS03-047",
"refsource" : "MS",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"acInsufInfo" : false,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2020-04-09T13:48Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0714",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-400"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/422156",
"name" : "VU#422156",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8838",
"name" : "8838",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106682909006586&w=2",
"name" : "20031022 MS03-046 Microsoft Exchange 2000 Heap Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-046",
"name" : "MS03-046",
"refsource" : "MS",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:-:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:5.5:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:-:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2020-04-09T13:49Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0715",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cert.org/advisories/CA-2003-23.html",
"name" : "CA-2003-23",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/483492",
"name" : "VU#483492",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106322856608909&w=2",
"name" : "20030910 EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4224",
"name" : "oval:org.mitre.oval:def:4224",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A264",
"name" : "oval:org.mitre.oval:def:264",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A20",
"name" : "oval:org.mitre.oval:def:20",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1813",
"name" : "oval:org.mitre.oval:def:1813",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1202",
"name" : "oval:org.mitre.oval:def:1202",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039",
"name" : "MS03-039",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0717",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/575892",
"name" : "VU#575892",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8826",
"name" : "8826",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-27.html",
"name" : "CA-2003-27",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106666713812158&w=2",
"name" : "20031018 Proof of concept for Windows Messenger Service overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106632188709562&w=2",
"name" : "20031016 MS03-043 Popup Messenger Servce buffer-overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A268",
"name" : "oval:org.mitre.oval:def:268",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A213",
"name" : "oval:org.mitre.oval:def:213",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-043",
"name" : "MS03-043",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0718",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=109762641822064&w=2",
"name" : "20041012 Microsoft IIS 5.x/6.0 WebDAV (XML parser) attribute blowup DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17656",
"name" : "iis-ms04030-patch(17656)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17645",
"name" : "iis-webdav-xml-attribute-dos(17645)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767",
"name" : "oval:org.mitre.oval:def:4767",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427",
"name" : "oval:org.mitre.oval:def:1427",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330",
"name" : "oval:org.mitre.oval:def:1330",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030",
"name" : "MS04-030",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-11-03T05:00Z",
"lastModifiedDate" : "2020-11-23T19:49Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0719",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://xforce.iss.net/xforce/alerts/id/168",
"name" : "20040413 Microsoft SSL Library Remote Compromise Vulnerability",
"refsource" : "ISS",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/361836",
"name" : "20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/586540",
"name" : "VU#586540",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A951",
"name" : "oval:org.mitre.oval:def:951",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A903",
"name" : "oval:org.mitre.oval:def:903",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A889",
"name" : "oval:org.mitre.oval:def:889",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093",
"name" : "oval:org.mitre.oval:def:1093",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:netmeeting:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0720",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/09.10.03.txt",
"name" : "http://www.idefense.com/advisory/09.10.03.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-273.html",
"name" : "RHSA-2003:273",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0099.html",
"name" : "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-274.html",
"name" : "RHSA-2003:274",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106329356702508&w=2",
"name" : "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106322571805153&w=2",
"name" : "20030910 iDEFENSE Security Advisory 09.10.03: Two Exploitable Overflows in PINE",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A499",
"name" : "oval:org.mitre.oval:def:499",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.56:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:3.98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0721",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/09.10.03.txt",
"name" : "20030910 Two Exploitable Overflows in PINE",
"refsource" : "IDEFENSE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-273.html",
"name" : "RHSA-2003:273",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009850.html",
"name" : "20030911 Pine: .procmailrc rule against integer overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-274.html",
"name" : "RHSA-2003:274",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106329356702508&w=2",
"name" : "20030911 [slackware-security] security issues in pine (SSA:2003-253-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106367213400313&w=2",
"name" : "20030915 remote Pine <= 4.56 exploit fully automatic",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A503",
"name" : "oval:org.mitre.oval:def:503",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:3.98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.56:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_washington:pine:4.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0722",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/advisory/09.16.03.txt",
"name" : "http://www.idefense.com/advisory/09.16.03.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0115.html",
"name" : "20030918 Solaris SADMIND Exploitation",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/41870",
"name" : "VU#41870",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-148.shtml",
"name" : "N-148",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8615",
"name" : "8615",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9742",
"name" : "9742",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56740-1&searchclause=security",
"name" : "56740",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106391959014331&w=2",
"name" : "20030918 Solaris SADMIND Exploitation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1273",
"name" : "oval:org.mitre.oval:def:1273",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0723",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:087",
"name" : "MDKSA-2003:087",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gkrellm:gkrellm:2.1.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gkrellm:gkrellm:2.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0724",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/advisories/5736",
"name" : "SSRT3588",
"refsource" : "HP",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8492",
"name" : "8492",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0725",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8476",
"name" : "8476",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0087.html",
"name" : "20030825 New Bug in RealServer",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html",
"name" : "http://lists.immunitysec.com/pipermail/dailydave/2003-August/000030.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.service.real.com/help/faq/security/rootexploit082203.html",
"name" : "http://www.service.real.com/help/faq/security/rootexploit082203.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/934932",
"name" : "VU#934932",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:8.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:7.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:helix_universal_server:9.0.2.794:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:g2_1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:7.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realserver:8.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0726",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/335293",
"name" : "20030827 RealOne Player Allows Cross Zone and Domain Access",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8453",
"name" : "8453",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
"name" : "http://www.digitalpranksters.com/advisories/realnetworks/smilscriptprotocol.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
"name" : "http://www.service.real.com/help/faq/security/securityupdate_august2003.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007532",
"name" : "1007532",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13028",
"name" : "realone-smil-execute-code(13028)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "RealOne player allows remote attackers to execute arbitrary script in the \"My Computer\" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a \"javascript:\" URL in the area tag."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.10.505:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_desktop_manager:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0727",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003Alert58.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://www.exploit-db.com/exploits/42780/",
"name" : "42780",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2017-09-28T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0728",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106081310531567&w=2",
"name" : "20030813 PCL-0001: Remote Vulnerability in HORDE MTA < 2.2.4",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252836330987&w=2",
"name" : "20030901 GLSA: horde (200309-02)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:horde:horde:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2.4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0729",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html",
"name" : "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0091.html",
"name" : "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252411425545&w=2",
"name" : "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tellurian:tftpdnt:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tellurian:tftpdnt:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0730",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8514",
"name" : "8514",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-380",
"name" : "DSA-380",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-286.html",
"name" : "RHSA-2003:286",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-288.html",
"name" : "RHSA-2003:288",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-289.html",
"name" : "RHSA-2003:289",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-015.txt.asc",
"name" : "NetBSD-SA2003-015",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031101-01-U.asc",
"name" : "20031101-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000821",
"name" : "CLA-2004:821",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm",
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2007-074.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-287.html",
"name" : "RHSA-2003:287",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102803-1",
"name" : "102803",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/24168",
"name" : "24168",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/24247",
"name" : "24247",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:089",
"name" : "MDKSA-2003:089",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2007/0589",
"name" : "ADV-2007-0589",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106229335312429&w=2",
"name" : "20030830 Multiple integer overflows in XFree86 (local/remote)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple integer overflows in the font libraries for XFree86 4.3.0 allow local or remote attackers to cause a denial of service or execute arbitrary code via heap-based and stack-based buffer overflow attacks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xfree86_project:x11r6:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0731",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/333028",
"name" : "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml",
"name" : "20030813 CiscoWorks Application Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the \"cmd\" parameter with a modifyUser value and a modified \"priviledges\" parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0732",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/333028",
"name" : "20030813 Portcullis Security Advisory: CiscoWorks 2000 Privilege Escalation Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030813-cmf.shtml",
"name" : "20030813 CiscoWorks Application Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the \"guest\" user to the Admin user on the Modify or delete users pages."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:resource_manager_essentials:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:3rd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:5th:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:ciscoworks_common_management_foundation:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:1st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:2nd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ciscoworks_cd1:4th:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0733",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8357",
"name" : "8357",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:liquid_data:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_integration:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_integration:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0734",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:088",
"name" : "MDKSA-2003:088",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:padl_software:pam_ldap:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "162",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0735",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/925166",
"name" : "VU#925166",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2",
"name" : "20030902 GLSA: phpwebsite (200309-03)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2",
"name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0736",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/664422",
"name" : "VU#664422",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2",
"name" : "20030902 GLSA: phpwebsite (200309-03)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2",
"name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0737",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2",
"name" : "20030902 GLSA: phpwebsite (200309-03)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2",
"name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0738",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-134"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106252188522715&w=2",
"name" : "20030902 GLSA: phpwebsite (200309-03)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106062021711496&w=2",
"name" : "20030810 phpWebSite SQL Injection & DoS & XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpwebsite:phpwebsite:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0739",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106",
"name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1106",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106029217115023&w=2",
"name" : "20030807 VMware Workstation 4.0.1 (for Linux systems) vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.0.1_build_5289",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0740",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-297.html",
"name" : "RHSA-2003:297",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000736",
"name" : "CLA-2003:736",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:108",
"name" : "MDKSA-2003:108",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106260760211958&w=2",
"name" : "20030903 Stunnel-3.x Daemon Hijacking",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.4a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:3.21a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stunnel:stunnel:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0741",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0742",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicious \"hostname\" program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0743",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-376",
"name" : "DSA-376",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html",
"name" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html",
"name" : "[Exim] 20030814 Minor security bug",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html",
"name" : "[Exim] 20030815 Minor security bug",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog",
"name" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog",
"name" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735",
"name" : "CLA-2003:735",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106252015820395&w=2",
"name" : "20030901 exim remote heap overflow, probably not exploitable",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=vuln-dev&m=106264740820334&w=2",
"name" : "20030903 Re: exim remote heap overflow, probably not exploitable",
"refsource" : "VULN-DEV",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the \"(no argument given)\" string is appended to the buffer."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_cambridge:exim:3.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0744",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/",
"name" : "20030903 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt",
"name" : "http://leafnode.sourceforge.net/leafnode-SA-2003-01.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8541",
"name" : "8541",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/6452",
"name" : "6452",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9678",
"name" : "9678",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106270038210736&w=2",
"name" : "20030904 leafnode 1.9.3 - 1.9.41 security announcement SA-2003-01",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote attackers to cause a denial of service (process hang and termination) via certain malformed Usenet news articles that cause fetchnews to hang while waiting for input."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:leafnode:leafnode:1.9.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0745",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0340.html",
"name" : "20030825 SNMPc v5 and v6 remote vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:6.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:castle_rock_computing:snmpc:6.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0746",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/377804",
"name" : "VU#377804",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.secunia.com/advisories/9482",
"name" : "9482",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q3/0042.html",
"name" : "HPSBUX0308-274",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030902-01-P",
"name" : "20030902-01-P",
"refsource" : "SGI",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0747",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html",
"name" : "20030830 SAP Internet Transaction Server",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8515",
"name" : "8515",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13063",
"name" : "its-wgatedll-information-disclosure(13063)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ~language, (4) ~theme, or (5) ~template, which leaks the information in the resulting error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0748",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html",
"name" : "20030830 SAP Internet Transaction Server",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8516",
"name" : "8516",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13066",
"name" : "its-wgatedll-directory-traversal(13066)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filename followed by space characters, which can prevent SAP from effectively adding a .html extension to the filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0749",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0361.html",
"name" : "20030830 SAP Internet Transaction Server",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8517",
"name" : "8517",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:4620.2.0.323011:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0750",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html",
"name" : "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection",
"refsource" : "VULNWATCH",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0751",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html",
"name" : "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py-membres:py-membres:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0752",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0090.html",
"name" : "20030826 [PHP] AttilaPHP 3.0 : User/Admin Access",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:attila-php.net:attilaphp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0753",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html",
"name" : "20030824 newsPHP file inclusion & bad login validation",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "nphpd.php in newsPHP 216 and earlier allows remote attackers to read arbitrary files via a full pathname to the target file in the nphp_config[LangFile] parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:newsphp:newsphp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "216",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0754",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-08/0345.html",
"name" : "20030824 newsPHP file inclusion & bad login validation",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:newsphp:newsphp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "216",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0755",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2003-q3/0101.html",
"name" : "20030826 gtkftpd[v1.0.4(and below)]: remote root buffer overflow exploit.",
"refsource" : "VULN-DEV",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gtkftpd:gtkftp:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gtkftpd:gtkftp:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gtkftpd:gtkftp:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0756",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0011.html",
"name" : "20030831 Directory Traversal in SITEBUILDER - v1.4",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the selectedpage parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sitebuilder:sitebuilder:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0757",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0018.html",
"name" : "20030902 IRM 007: The IP addresses of Check Point Firewall-1 internal interfaces may be enumerated using SecuRemote",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:checkpoint:firewall-1:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:checkpoint:firewall-1:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-20T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0758",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8552",
"name" : "8552",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html",
"name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-154.shtml",
"name" : "N-154",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106389919618721&w=2",
"name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13218",
"name" : "ibm-db2-db2dart-bo(13218)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0759",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8553",
"name" : "8553",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0114.html",
"name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www-3.ibm.com/cgi-bin/db2www/data/db2/udb/winos2unix/support/aparlib.d2w/display_apar_details?aparno=IY47653",
"name" : "IY47653",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt",
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-154.shtml",
"name" : "N-154",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10",
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=366&idxseccion=10",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106389919618721&w=2",
"name" : "20030918 CORE-2003-0531: Multiple IBM DB2 Stack Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0760",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html",
"name" : "http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8482",
"name" : "8482",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13012",
"name" : "blubster-port701-dos(13012)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:optisoft:blubster:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0761",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a090403-1.txt",
"name" : "A090403-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or (2) INFO requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:1.2.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0762",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0096.html",
"name" : "20030905 [SCAN Associates Sdn Bhd Security Advisory] Foxweb 2.5 bufferoverflow in CGI and ISAPI extension",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:foxweb:foxweb:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0763",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106312344631197&w=2",
"name" : "20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:squished_mosquito:escapade:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0764",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106312344631197&w=2",
"name" : "20030909 Escapade Scripting Engine XSS Vulnerability and Path Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:squished_mosquito:escapade:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0765",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106305643432112&w=2",
"name" : "20030908 Winamp 2.91 lets code execution through MIDI files",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large \"Track data size\" value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:2.81:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:2.91:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0766",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106305502230604&w=2",
"name" : "20030908 Multiple Heap Overflows in FTP Desktop",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER command, or (3) a long response to a PASS command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ftp_desktop:ftp_desktop:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2017-04-29T01:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0767",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106304902323758&w=2",
"name" : "20030908 Rogerwilco: server's buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, dedicated server 0.32a and earlier for Windows, and 0.27 and earlier for Linux and BSD, allows remote attackers to cause a denial of service and execute arbitrary code via a client request with a large length value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.30a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_dedicated_server:0.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy:roger_wilco_graphical_server:1.4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-17T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0768",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106304326916062&w=2",
"name" : "20030908 Advisory: Incorrect Handling of XSS Protection in ASP.Net",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:asp.net:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0769",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3777:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3799:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirabilis:icq:2003a_build3800:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0770",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/317234",
"name" : "20030401 IkonBoard v3.1.1: arbitrary command execution",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/336598",
"name" : "20030908 IkonBoard 3.1.2a arbitrary command execution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381136115972&w=2",
"name" : "20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the \"lang\" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \"eval\" statement."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ikonboard.com:ikonboard:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ikonboard.com:ikonboard:3.1.2a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0771",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106304236914921&w=2",
"name" : "20030907 Apache::Gallery local webserver compromise, privilege escalation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary filenames when running Inline::C, which allows local users to execute arbitrary code by creating and modifying the files before Apache::Gallery does."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache_gallery:apache_gallery:0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0772",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8542",
"name" : "8542",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/219140",
"name" : "VU#219140",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/792284",
"name" : "VU#792284",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9671",
"name" : "9671",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106288825902868&w=2",
"name" : "20030906 Remote and Local Vulnerabilities In WS_FTP Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13119",
"name" : "wsftp-ftp-command-bo(13119)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:progress:ipswitch_ws_ftp_server:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ipswitch:ws_ftp_server:4.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2019-08-13T14:39Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0773",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8595",
"name" : "8595",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html",
"name" : "RHSA-2003:278",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html",
"name" : "RHSA-2003:285",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html",
"name" : "SuSE-SA:2003:046",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt",
"name" : "CSSA-2004-005.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099",
"name" : "MDKSA-2003:099",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8593",
"name" : "8593",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-379",
"name" : "DSA-379",
"refsource" : "DEBIAN",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2013-08-23T04:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0774",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-379",
"name" : "DSA-379",
"refsource" : "DEBIAN",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html",
"name" : "RHSA-2003:278",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html",
"name" : "RHSA-2003:285",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html",
"name" : "SuSE-SA:2003:046",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt",
"name" : "CSSA-2004-005.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099",
"name" : "MDKSA-2003:099",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8593",
"name" : "8593",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0775",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-379",
"name" : "DSA-379",
"refsource" : "DEBIAN",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8600",
"name" : "8600",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html",
"name" : "RHSA-2003:278",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html",
"name" : "RHSA-2003:285",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html",
"name" : "SuSE-SA:2003:046",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt",
"name" : "CSSA-2004-005.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099",
"name" : "MDKSA-2003:099",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8593",
"name" : "8593",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0776",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-379",
"name" : "DSA-379",
"refsource" : "DEBIAN",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html",
"name" : "RHSA-2003:278",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html",
"name" : "RHSA-2003:285",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html",
"name" : "SuSE-SA:2003:046",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt",
"name" : "CSSA-2004-005.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099",
"name" : "MDKSA-2003:099",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8593",
"name" : "8593",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "saned in sane-backends 1.0.7 and earlier does not properly \"check the validity of the RPC numbers it gets before getting the parameters,\" with unknown consequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0777",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-379",
"name" : "DSA-379",
"refsource" : "DEBIAN",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html",
"name" : "RHSA-2003:278",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html",
"name" : "RHSA-2003:285",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html",
"name" : "SuSE-SA:2003:046",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt",
"name" : "CSSA-2004-005.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099",
"name" : "MDKSA-2003:099",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8597",
"name" : "8597",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8593",
"name" : "8593",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0778",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-379",
"name" : "DSA-379",
"refsource" : "DEBIAN",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-278.html",
"name" : "RHSA-2003:278",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-285.html",
"name" : "RHSA-2003:285",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_046_sane.html",
"name" : "SuSE-SA:2003:046",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-005.0/CSSA-2004-005.0.txt",
"name" : "CSSA-2004-005.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:099",
"name" : "MDKSA-2003:099",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8596",
"name" : "8596",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8593",
"name" : "8593",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane-backend:1.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sane:sane:1.0.7_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0779",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a091103-1.txt",
"name" : "A091103-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:digium:asterisk:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0780",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/337012",
"name" : "20030910 Buffer overflow in MySQL",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-381",
"name" : "DSA-381",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-281.html",
"name" : "RHSA-2003:281",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009819.html",
"name" : "20030910 Buffer overflow in MySQL",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743",
"name" : "CLA-2003:743",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-282.html",
"name" : "RHSA-2003:282",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/516492",
"name" : "VU#516492",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9709",
"name" : "9709",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:094",
"name" : "MDKSA-2003:094",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106381424420775&w=2",
"name" : "2003-0034",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106364207129993&w=2",
"name" : "20030913 exploit for mysql -- [get_salt_from_password] problem",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4.0.14 and earlier, and 3.23.x, allows attackers with ALTER TABLE privileges to execute arbitrary code via a long Password field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:conectiva:linux:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 8.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-22T04:00Z",
"lastModifiedDate" : "2019-12-17T17:11Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0781",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-467",
"name" : "DSA-467",
"refsource" : "DEBIAN",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12929",
"name" : "ecartis-subscribe-password-disclosure(12929)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ecartis:ecartis:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-05-04T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0782",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-467",
"name" : "DSA-467",
"refsource" : "DEBIAN",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12928",
"name" : "ecartis-multiple-bo(12928)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ecartis:ecartis:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-05-04T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0783",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-385",
"name" : "DSA-385",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8656",
"name" : "8656",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/7119",
"name" : "7119",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007756",
"name" : "1007756",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007757",
"name" : "1007757",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9792",
"name" : "9792",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106424495804417&w=2",
"name" : "20030921 Fw: 0x333hztty => hztty 2.0 local root exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13243",
"name" : "hztty-bo(13243)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:yongguang_zhang:hztty:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0784",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY47764&apar=only",
"name" : "IY47764",
"refsource" : "AIXAPAR",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0785",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-389",
"name" : "DSA-389",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:brian_bassett:ipmasq:3.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0786",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html",
"name" : "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.openssh.com/txt/sshpam.adv",
"name" : "http://www.openssh.com/txt/sshpam.adv",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/602204",
"name" : "VU#602204",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/338617",
"name" : "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/338616",
"name" : "20030923 Portable OpenSSH 3.7.1p2 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8677",
"name" : "8677",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0787",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html",
"name" : "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.openssh.com/txt/sshpam.adv",
"name" : "http://www.openssh.com/txt/sshpam.adv",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/209807",
"name" : "VU#209807",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/338617",
"name" : "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/338616",
"name" : "20030923 Portable OpenSSH 3.7.1p2 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8677",
"name" : "8677",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.7.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0788",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-275.html",
"name" : "RHSA-2003:275",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8952",
"name" : "8952",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=97958",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:104",
"name" : "MDKSA-2003:104",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-63.txt",
"name" : "TLSA-2003-63",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10123",
"name" : "10123",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000788",
"name" : "CLA-2003:788",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000779",
"name" : "CLA-2003:779",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13584",
"name" : "cups-ipp-dos(13584)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a \"busy loop\") via certain inputs to the IPP port (TCP 631)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.0.4_8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4_2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4_3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.4_5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:easy_software_products:cups:1.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0789",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://apache.secsup.org/dist/httpd/Announcement2.html",
"name" : "http://apache.secsup.org/dist/httpd/Announcement2.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-320.html",
"name" : "RHSA-2003:320",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775",
"name" : "CLA-2003:775",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200310-04.xml",
"name" : "200310-04",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/6079",
"name" : "HPSBUX0311-301",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103",
"name" : "MDKSA-2003:103",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-015.shtml",
"name" : "O-015",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8926",
"name" : "8926",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9504",
"name" : "9504",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html",
"name" : "APPLE-SA-2004-01-26",
"refsource" : "APPLE",
"tags" : [ ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106761802305141&w=2",
"name" : "20031031 GLSA: apache (200310-04)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13552",
"name" : "apache-modcgi-info-disclosure(13552)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0.48",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0790",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: the reported issue is not a vulnerability or exposure. Notes: This candidate was assigned to a \"head-reading\" bug in a component of fetchmail 6.2.4 and earlier, which was claimed to allow a denial of service. However, the bug is in a broken component of fetchmail that is not \"reachable\" by any execution path, so it cannot be triggered by any sort of attack and is not exploitable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0791",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=221526",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/11103/",
"name" : "11103",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/advisories/6979",
"name" : "SCOSA-2004.8",
"refsource" : "SCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9322",
"name" : "9322",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/8390",
"name" : "8390",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021",
"name" : "MDKSA-2004:021",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-07T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0792",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8843",
"name" : "8843",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200403-10.xml",
"name" : "GLSA-200403-10",
"refsource" : "GENTOO",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-004.0/CSSA-2004-004.0.txt",
"name" : "CSSA-2004-004.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/5987",
"name" : "IMNX-2003-7+-023-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-61.txt",
"name" : "TLSA-2003-61",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:101",
"name" : "MDKSA-2003:101",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107731542827401&w=2",
"name" : "20040220 LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13450",
"name" : "fetchmail-email-dos(13450)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.2.4",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:6.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.8.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:4.6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fetchmail:fetchmail:5.7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0793",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8846",
"name" : "8846",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766",
"name" : "CLA-2003:766",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome",
"name" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100",
"name" : "MDKSA-2003:100",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13447",
"name" : "gdm-dos(13447)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restrict the size of input, which allows attackers to cause a denial of service (memory consumption)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0794",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8846",
"name" : "8846",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000766",
"name" : "CLA-2003:766",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome",
"name" : "http://cvs.gnome.org/bonsai/cvsblame.cgi?file=gdm2/NEWS&rev=&root=/cvs/gnome",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:100",
"name" : "MDKSA-2003:100",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13448",
"name" : "gdm-command-dos(13448)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit the number or duration of commands and uses a blocking socket connection, which allows attackers to cause a denial of service (resource exhaustion) by sending commands and not reading the results."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.2.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnome:gdm:2.4.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0795",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-305.html",
"name" : "RHSA-2003:305",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-307.html",
"name" : "RHSA-2003:307",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-415",
"name" : "DSA-415",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10563",
"name" : "10563",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106883387304266&w=2",
"name" : "20031114 Quagga remote vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.96.3",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.95:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.96.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.96.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga:0.96:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0796",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9085",
"name" : "9085",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-01-P.asc",
"name" : "20031102-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-02-P.asc",
"name" : "20031102-02-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13807",
"name" : "rpcmountd-mount-gain-access(13807)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0797",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9084",
"name" : "9084",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-01-P.asc",
"name" : "20031102-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031102-02-P.asc",
"name" : "20031102-02-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/8520",
"name" : "8520",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13808",
"name" : "rpcmountd-dos(13808)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.21m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.19m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.20f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.18m:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0798",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0799",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0800",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0801",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt",
"name" : "A091503-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nokia:electronic_documentation:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0802",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt",
"name" : "A091503-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Nokia Electronic Documentation (NED) 5.0 allows remote attackers to obtain a directory listing of the WebLogic web root, and the physical path of the NED server, via a \"retrieve\" action with a location parameter of . (dot)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nokia:electronic_documentation:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0803",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a091503-1.txt",
"name" : "A091503-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Nokia Electronic Documentation (NED) 5.0 allows remote attackers to use NED as an open HTTP proxy via a URL in the location parameter, which NED accesses and returns to the user."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nokia:electronic_documentation:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0804",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc",
"name" : "FreeBSD-SA-03:14",
"refsource" : "FREEBSD",
"tags" : [ ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc",
"name" : "20040502-01-P",
"refsource" : "SGI",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10.2.8, and possibly other BSD-based systems, allows remote attackers on a local subnet to cause a denial of service (resource starvation and panic) via a flood of spoofed ARP requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:pre-release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0805",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-387",
"name" : "DSA-387",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105804485302211&w=2",
"name" : "20030712 UMN gopherd[2.x.x/3.x.x]: ftp gateway, and GSisText() buffer",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106123498310717&w=2",
"name" : "20030818 FW: [gopher] UMN Gopher 3.0.6 released",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x before 3.0.6 allows attackers to execute arbitrary code via (1) a long filename as a result of a LIST command, and (2) the GSisText function, which calculates the view-type."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_minnesota:gopherd:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0806",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/471260",
"name" : "VU#471260",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10126",
"name" : "10126",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15702",
"name" : "win-winlogon-bo(15702)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A896",
"name" : "oval:org.mitre.oval:def:896",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A895",
"name" : "oval:org.mitre.oval:def:895",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1054",
"name" : "oval:org.mitre.oval:def:1054",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0807",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/698564",
"name" : "VU#698564",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-115.shtml",
"name" : "O-115",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10123",
"name" : "10123",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/alerts/2004/Apr/1009762.html",
"name" : "1009762",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15709",
"name" : "win-cis-rpc-http-dos(15709)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A995",
"name" : "oval:org.mitre.oval:def:995",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A969",
"name" : "oval:org.mitre.oval:def:969",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1030",
"name" : "oval:org.mitre.oval:def:1030",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012",
"name" : "MS04-012",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0809",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8565",
"name" : "8565",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/7887",
"name" : "7887",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13300",
"name" : "ie-xmlobject-code-execution(13300)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A123",
"name" : "oval:org.mitre.oval:def:123",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040",
"name" : "MS03-040",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 through 6.0 does not properly handle object tags returned from a Web server during XML data binding, which allows remote attackers to execute arbitrary code via an HTML e-mail message or web page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0812",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/567620",
"name" : "VU#567620",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/9011",
"name" : "9011",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml",
"name" : "20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)",
"refsource" : "CISCO",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-28.html",
"name" : "CA-2003-28",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106859247713009&w=2",
"name" : "20031111 EEYE: Windows Workstation Service Remote Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106865197102041&w=2",
"name" : "20031112 Proof of concept for Windows Workstation Service overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575",
"name" : "oval:org.mitre.oval:def:575",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331",
"name" : "oval:org.mitre.oval:def:331",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049",
"name" : "MS03-049",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (\"NetSetup.LOG\"), as demonstrated using the NetAddAlternateComputerName API."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0813",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/547820",
"name" : "VU#547820",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://xforce.iss.net/xforce/alerts/id/155",
"name" : "20031014 Microsoft RPC Race Condition Denial of Service",
"refsource" : "ISS",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011870.html",
"name" : "20031010 Re : [VERY] BAD news on RPC DCOM Exploit",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011886.html",
"name" : "20031010 Re: Bad news on RPC DCOM vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securitylab.ru/_exploits/rpc2.c.txt",
"name" : "http://www.securitylab.ru/_exploits/rpc2.c.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/011901.html",
"name" : "20031011 Bad news on RPC DCOM2 vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8811",
"name" : "8811",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106579825211708&w=2",
"name" : "20031010 Bad news on RPC DCOM vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106588827513795&w=2",
"name" : "20031011 RE: Bad news on RPC DCOM vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106580303918155&w=2",
"name" : "20031010 Bad news on RPC DCOM vulnerability",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A900",
"name" : "oval:org.mitre.oval:def:900",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A894",
"name" : "oval:org.mitre.oval:def:894",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A893",
"name" : "oval:org.mitre.oval:def:893",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-012",
"name" : "MS04-012",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0814",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/326412",
"name" : "VU#326412",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/337086",
"name" : "20030911 LiuDieYu's missing files are here.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm",
"name" : "http://www.safecenter.net/liudieyu/BodyRefreshLoadsJPU/BodyRefreshLoadsJPU-Content.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0177.html",
"name" : "20030910 MSIE->BodyRefreshLoadsJPU:refresh is a new navigation method",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007687",
"name" : "1007687",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10192",
"name" : "10192",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A392",
"name" : "oval:org.mitre.oval:def:392",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A349",
"name" : "oval:org.mitre.oval:def:349",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A344",
"name" : "oval:org.mitre.oval:def:344",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A343",
"name" : "oval:org.mitre.oval:def:343",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A342",
"name" : "oval:org.mitre.oval:def:342",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A341",
"name" : "oval:org.mitre.oval:def:341",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A335",
"name" : "oval:org.mitre.oval:def:335",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048",
"name" : "MS03-048",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's \"href\" to the malicious Javascript, then calling execCommand(\"Refresh\") to refresh the page, aka BodyRefreshLoadsJPU or the \"ExecCommand Cross Domain\" vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0815",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9014",
"name" : "9014",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/337086",
"name" : "20030911 LiuDieYu's missing files are here.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerSaveRef/LinkillerSaveRef-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/LinkillerJPU/LinkillerJPU-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/Linkiller/Linkiller-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0150.html",
"name" : "20030910 MSIE->LinkillerSaveRef:another caller-based authorization",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-021.shtml",
"name" : "O-021",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7888",
"name" : "7888",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7889",
"name" : "7889",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007687",
"name" : "1007687",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10192",
"name" : "10192",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106322542104656&w=2",
"name" : "20030910 MSIE->Findeath: break caller-based authorization",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106321757619047&w=2",
"name" : "20030910 MSIE->LinkillerJPU:another caller-based authorization(is broken).",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13676",
"name" : "ie-pointer-zone-bypass(13676)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A472",
"name" : "oval:org.mitre.oval:def:472",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A359",
"name" : "oval:org.mitre.oval:def:359",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A357",
"name" : "oval:org.mitre.oval:def:357",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A356",
"name" : "oval:org.mitre.oval:def:356",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A353",
"name" : "oval:org.mitre.oval:def:353",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A352",
"name" : "oval:org.mitre.oval:def:352",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A351",
"name" : "oval:org.mitre.oval:def:351",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048",
"name" : "MS03-048",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the \"Function Pointer Override Cross Domain\" vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0816",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/652452",
"name" : "VU#652452",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/NAFfileJPU/NAFfileJPU-Content.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/WsOpenFileJPU/WsOpenFileJPU-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM",
"name" : "http://www.safecenter.net/liudieyu/WsBASEjpu/WsBASEjpu-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM",
"name" : "http://www.safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM",
"name" : "http://www.safecenter.net/liudieyu/WsOpenJpuInHistory/WsOpenJpuInHistory-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM",
"name" : "http://www.safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM",
"name" : "http://www.safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm",
"name" : "http://www.safecenter.net/liudieyu/BackMyParent/BackMyParent-content.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM",
"name" : "http://www.safecenter.net/liudieyu/RefBack/RefBack-Content.HTM",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/337086",
"name" : "20030911 LiuDieYu's missing files are here.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/771604",
"name" : "VU#771604",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/336937",
"name" : "20030910 MSIE->NAFfileJPU",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-09/0146.html",
"name" : "20030910 MSIE->WsOpenJpuInHistory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007687",
"name" : "1007687",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10192",
"name" : "10192",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106321882821788&w=2",
"name" : "20030910 MSIE->WsOpenFileJPU",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106322240132721&w=2",
"name" : "20030910 MSIE->BackMyParent2:Multi-Thread version",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106322063729496&w=2",
"name" : "20030910 MSIE->WsBASEjpu",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106321781819727&w=2",
"name" : "20030910 MSIE->WsFakeSrc",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106321638416884&w=2",
"name" : "20030910 MSIE->RefBack",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106321693517858&w=2",
"name" : "20030910 MSIE->NAFjpuInHistory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A479",
"name" : "oval:org.mitre.oval:def:479",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A459",
"name" : "oval:org.mitre.oval:def:459",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A416",
"name" : "oval:org.mitre.oval:def:416",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A409",
"name" : "oval:org.mitre.oval:def:409",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A363",
"name" : "oval:org.mitre.oval:def:363",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A362",
"name" : "oval:org.mitre.oval:def:362",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A361",
"name" : "oval:org.mitre.oval:def:361",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048",
"name" : "MS03-048",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the \"Script URLs Cross Domain\" vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0817",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9012",
"name" : "9012",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10192",
"name" : "10192",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A566",
"name" : "oval:org.mitre.oval:def:566",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A556",
"name" : "oval:org.mitre.oval:def:556",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A549",
"name" : "oval:org.mitre.oval:def:549",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A548",
"name" : "oval:org.mitre.oval:def:548",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A543",
"name" : "oval:org.mitre.oval:def:543",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A520",
"name" : "oval:org.mitre.oval:def:520",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A508",
"name" : "oval:org.mitre.oval:def:508",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048",
"name" : "MS03-048",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0818",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/216324",
"name" : "VU#216324",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/583108",
"name" : "VU#583108",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-041A.html",
"name" : "TA04-041A",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=107650972617367&w=2",
"name" : "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107643892224825&w=2",
"name" : "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107643836125615&w=2",
"name" : "20040210 EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=107650972723080&w=2",
"name" : "20040210 EEYE: Microsoft ASN.1 Library Bit String Heap Corruption",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A799",
"name" : "oval:org.mitre.oval:def:799",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A797",
"name" : "oval:org.mitre.oval:def:797",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A796",
"name" : "oval:org.mitre.oval:def:796",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A653",
"name" : "oval:org.mitre.oval:def:653",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-007",
"name" : "MS04-007",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:workstation:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-03T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0819",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/749342",
"name" : "VU#749342",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2004-01.html",
"name" : "CA-2004-01",
"refsource" : "CERT",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/9408",
"name" : "9408",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm",
"name" : "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9406",
"name" : "9406",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1008698",
"name" : "1008698",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10611",
"name" : "10611",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A478",
"name" : "oval:org.mitre.oval:def:478",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-001",
"name" : "MS04-001",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:proxy_server:2.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0820",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0163.html",
"name" : "20031015 Few issues previously unpublished in English",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8835",
"name" : "8835",
"refsource" : "BID",
"tags" : [ "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ]
}, {
"url" : "http://www.security.nnov.ru/search/document.asp?docid=5243",
"name" : "http://www.security.nnov.ru/search/document.asp?docid=5243",
"refsource" : "MISC",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13682",
"name" : "word-macro-execute-code(13682)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A668",
"name" : "oval:org.mitre.oval:def:668",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A586",
"name" : "oval:org.mitre.oval:def:586",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A585",
"name" : "oval:org.mitre.oval:def:585",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A336",
"name" : "oval:org.mitre.oval:def:336",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050",
"name" : "MS03-050",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the \"Macro names\" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:zh:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ko:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ko:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr2:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:zh:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ko:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr1:*:ja:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0821",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9010",
"name" : "9010",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13681",
"name" : "excel-macro-execute-code(13681)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A695",
"name" : "oval:org.mitre.oval:def:695",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A675",
"name" : "oval:org.mitre.oval:def:675",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A636",
"name" : "oval:org.mitre.oval:def:636",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-050",
"name" : "MS03-050",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:zh:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr1:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:sr2:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sr1a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:ko:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2002:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:97:*:*:ko:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:zh:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ja:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:98:*:*:ko:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0822",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/279156",
"name" : "VU#279156",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10195",
"name" : "10195",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106865318904055&w=2",
"name" : "20031112 Frontpage Extensions Remote Command Execution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106862654906759&w=2",
"name" : "20031112 Frontpage Extensions Remote Command Execution",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13674",
"name" : "fpse-debug-bo(13674)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A743",
"name" : "oval:org.mitre.oval:def:743",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A699",
"name" : "oval:org.mitre.oval:def:699",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A367",
"name" : "oval:org.mitre.oval:def:367",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A366",
"name" : "oval:org.mitre.oval:def:366",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A364",
"name" : "oval:org.mitre.oval:def:364",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051",
"name" : "MS03-051",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sharepoint_team_services:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0823",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/337086",
"name" : "20030911 LiuDieYu's missing files are here.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/413886",
"name" : "VU#413886",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10192",
"name" : "10192",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006036",
"name" : "1006036",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106322197932006&w=2",
"name" : "20030910 MSIE->HijackClick: 1+1=2",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A733",
"name" : "oval:org.mitre.oval:def:733",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A588",
"name" : "oval:org.mitre.oval:def:588",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A372",
"name" : "oval:org.mitre.oval:def:372",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A371",
"name" : "oval:org.mitre.oval:def:371",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A370",
"name" : "oval:org.mitre.oval:def:370",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A369",
"name" : "oval:org.mitre.oval:def:369",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A368",
"name" : "oval:org.mitre.oval:def:368",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-048",
"name" : "MS03-048",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0824",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/179012",
"name" : "VU#179012",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10195",
"name" : "10195",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13680",
"name" : "fpse-smarthtml-dos(13680)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762",
"name" : "oval:org.mitre.oval:def:762",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625",
"name" : "oval:org.mitre.oval:def:625",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606",
"name" : "oval:org.mitre.oval:def:606",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591",
"name" : "oval:org.mitre.oval:def:591",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308",
"name" : "oval:org.mitre.oval:def:308",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051",
"name" : "MS03-051",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sharepoint_team_services:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:frontpage_server_extensions:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0825",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9624",
"name" : "9624",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/445214",
"name" : "VU#445214",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-077.shtml",
"name" : "O-077",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3903",
"name" : "3903",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802",
"name" : "oval:org.mitre.oval:def:802",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801",
"name" : "oval:org.mitre.oval:def:801",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800",
"name" : "oval:org.mitre.oval:def:800",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704",
"name" : "oval:org.mitre.oval:def:704",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15037",
"name" : "win-wins-gsflag-dos(15037)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006",
"name" : "MS04-006",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:*:r2:x64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp4:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp1:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp2:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp3:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp5:terminal_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-03T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0826",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010496.html",
"name" : "20030919 lsh patch (was Re: [Full-Disclosure] new ssh exploit?)",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2005/dsa-717",
"name" : "DSA-717",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html",
"name" : "http://lists.lysator.liu.se/pipermail/lsh-bugs/2003q3/000120.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/211662",
"name" : "http://bugs.debian.org/211662",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106407188509874&w=2",
"name" : "20030920 LSH: Buffer overrun and remote root compromise in lshd",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106398939512178&w=2",
"name" : "20030919 Remote root vuln in lsh 1.4.x",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:lsh:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:lsh:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:lsh:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0827",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY47686&apar=only",
"name" : "IY47686",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106399616919636&w=2",
"name" : "20030919 AppSecInc Security Alert: Denial of Service Vulnerability in DB2 Discovery Service",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-06T04:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0828",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-391",
"name" : "DSA-391",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8716",
"name" : "8716",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13301",
"name" : "freesweep-bo(13301)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain \"games\" group privileges when processing environment variables."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gus_and_psilord:freesweep:0.90:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gus_and_psilord:freesweep:0.88:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0830",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-390",
"name" : "DSA-390",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in marbles 1.0.2 and earlier allows local users to gain privileges via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:marbles:marbles:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0831",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://xforce.iss.net/xforce/alerts/id/154",
"name" : "20030923 ProFTPD ASCII File Remote Compromise Vulnerability",
"refsource" : "ISS",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012072.html",
"name" : "20031014 Another ProFTPd root EXPLOIT ?",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/405348",
"name" : "VU#405348",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9829",
"name" : "9829",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:095",
"name" : "MDKSA-2003:095",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106606885611269&w=2",
"name" : "20031013 Remote root exploit for proftpd \\n bug",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106441655617816&w=2",
"name" : "20030924 [slackware-security] ProFTPD Security Advisory (SSA:2003-259-02)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12200",
"name" : "proftpd-ascii-xfer-newline-bo(12200)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://www.exploit-db.com/exploits/107/",
"name" : "107",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.9_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.7_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proftpd_project:proftpd:1.2.8_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 8.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-10-05T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0832",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-392",
"name" : "DSA-392",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in webfs before 1.20 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a Hostname header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0833",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-392",
"name" : "DSA-392",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webfs:webfs:1.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0834",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/575804",
"name" : "VU#575804",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8973",
"name" : "8973",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0047.html",
"name" : "HPSBUX0311-297",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P",
"name" : "20040801-01-P",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57414",
"name" : "57414",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.idefense.com/application/poi/display?id=134&type=vulnerabilities&flashstatus=false",
"name" : "20040825 CDE libDtHelp LOGNAME Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5141",
"name" : "oval:org.mitre.oval:def:5141",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via (1) a modified DTHELPUSERSEARCHPATH environment variable and the Help feature, (2) DTSEARCHPATH, or (3) LOGNAME."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0835",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mplayerhq.hu/homepage/design6/news.html",
"name" : "http://www.mplayerhq.hu/homepage/design6/news.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000760",
"name" : "CLA-2003:760",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106454257221455&w=2",
"name" : "20030925 MPlayer Security Advisory #01: Remotely exploitable buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106485005213109&w=2",
"name" : "20030929 GLSA: media-video/mplayer (200309-15)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106460912721618&w=2",
"name" : "20030926 Mplayer Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:1.0_pre1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90_rc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.91:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90_pre:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mplayer:mplayer:0.90_rc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0836",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with \"Connect\" privileges to execute arbitrary code via a LOAD command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0837",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8743",
"name" : "8743",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106503709914622&w=2",
"name" : "20031001 ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13331",
"name" : "db2-invoke-bo(13331)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with \"Connect\" privileges to execute arbitrary code via the INVOKE command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0838",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009639.html",
"name" : "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html",
"name" : "http://securityresponse.symantec.com/avcenter/venc/data/trojan.qhosts.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0310&L=ntbugtraq&F=P&S=&P=2169",
"name" : "20031001 DNS/Hosts file issues",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8556",
"name" : "8556",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7872",
"name" : "7872",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106304733121753&w=2",
"name" : "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=ntbugtraq&m=106302799428500&w=2",
"name" : "20030907 BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106304876523459&w=2",
"name" : "20030908 Temporary Fix for IE Zero Day Malware RE: BAD NEWS: Microsoft Security Bulletin MS03-032",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13314",
"name" : "ie-popup-code-execution(13314)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A204",
"name" : "oval:org.mitre.oval:def:204",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-040",
"name" : "MS03-040",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer allows remote attackers to bypass zone restrictions to inject and execute arbitrary programs by creating a popup window and inserting ActiveX object code with a \"data\" tag pointing to the malicious code, which Internet Explorer treats as HTML or Javascript, but later executes as an HTA application, a different vulnerability than CVE-2003-0532, and as exploited using the QHosts Trojan horse (aka Trojan.Qhosts, QHosts-1, VBS.QHOSTS, or aolfix.exe)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0839",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html",
"name" : "http://www.geocities.co.jp/SiliconValley/1667/advisory08e.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106563075612028&w=2",
"name" : "20031008 Microsoft Windows Server 2003 \"Shell Folders\" Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in the \"Shell Folders\" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a \"shell:\" link."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0840",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106563181313571&w=2",
"name" : "20031008 HPUX dtprintinfo buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other operating systems, allows local users to gain root privileges via a long DISPLAY environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0841",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106554919000847&w=2",
"name" : "20031007 PeopleSoft Grid Option Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The grid option in PeopleSoft 8.42 stores temporary .xls files in guessable directories under the web document root, which allows remote attackers to steal search results by directly accessing the files via a URL request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:peopletools:8.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"acInsufInfo" : false,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-08-19T15:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0842",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2",
"name" : "20030601 Mod_gzip Debug Mode Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode, allows remote attackers to execute arbitrary code via a long filename in a GET request with an \"Accept-Encoding: gzip\" header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dag_apt_repository:mod_gzip:1.3.26.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0843",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2",
"name" : "20030601 Mod_gzip Debug Mode Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an \"Accept-Encoding: gzip\" header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3.26.1a",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0844",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2",
"name" : "20030601 Mod_gzip Debug Mode Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the \"Strengthen default permissions of internal system objects\" policy is not enabled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dag_apt_repository:mod_gzip:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3.26.1a",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0845",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8773",
"name" : "8773",
"refsource" : "BID",
"tags" : [ "Patch", "Third Party Advisory", "VDB Entry", "Vendor Advisory" ]
}, {
"url" : "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866",
"name" : "http://sourceforge.net/docman/display_doc.php?docid=19314&group_id=22866",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2007-1048.html",
"name" : "RHSA-2007:1048",
"refsource" : "REDHAT",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://secunia.com/advisories/27914",
"name" : "27914",
"refsource" : "SECUNIA",
"tags" : [ "Not Applicable" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106547728803252&w=2",
"name" : "20031006 Update JBoss 308 & 321: Remote Command Injection",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106546044416498&w=2",
"name" : "20031005 JBoss 3.2.1: Remote Command Injection",
"refsource" : "BUGTRAQ",
"tags" : [ "Mailing List", "Third Party Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300",
"name" : "oval:org.mitre.oval:def:11300",
"refsource" : "OVAL",
"tags" : [ "Tool Signature" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jboss:jboss:3.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:jboss:jboss:3.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2020-03-24T14:57Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0846",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106546177518140&w=2",
"name" : "20031006 Local root exploit in SuSE Linux 7.3Pro",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106546531922379&w=2",
"name" : "20031006 Re: Local root exploit in SuSE Linux 8.2Pro",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allows local users to overwrite arbitrary files via a symlink attack on the .java_wrapper temporary file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:suse:suse_linux:7.3:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0847",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106545972615578&w=2",
"name" : "20031006 Local root exploit in SuSE Linux 8.2Pro",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106546531922379&w=2",
"name" : "20031006 Re: Local root exploit in SuSE Linux 8.2Pro",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:suse:suse_linux:8.2:*:professional:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0848",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-428",
"name" : "DSA-428",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ebitech.sk/patrik/SA/SA-20031006.txt",
"name" : "http://www.ebitech.sk/patrik/SA/SA-20031006.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt",
"name" : "http://www.ebitech.sk/patrik/SA/SA-20031006-A.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.trustix.org/errata/misc/2004/TSL-2004-0005-slocate.asc.txt",
"name" : "2004-0005",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-041.html",
"name" : "RHSA-2004:041",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc",
"name" : "20040201-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2004-001.0/CSSA-2004-001.0.txt",
"name" : "CSSA-2004-001.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00009.html",
"name" : "FEDORA-2004-059",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-040.html",
"name" : "RHSA-2004:040",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:004",
"name" : "MDKSA-2004:004",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10670",
"name" : "10670",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10683",
"name" : "10683",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10686",
"name" : "10686",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10698",
"name" : "10698",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10702",
"name" : "10702",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10720",
"name" : "10720",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10722",
"name" : "10722",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9962/",
"name" : "9962",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106589631819348&w=2",
"name" : "20031011 SA-20031006 slocate buffer overflow - exploitation proof",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106546447321274&w=2",
"name" : "20031006 SA-20031006 slocate vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A821",
"name" : "oval:org.mitre.oval:def:821",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11033",
"name" : "oval:org.mitre.oval:def:11033",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative \"pathlen\" value to be used."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:slocate:slocate:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0849",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106546086216984&w=2",
"name" : "20031005 GLSA: cfengine (200310-02)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106451047819552&w=2",
"name" : "20030925 Cfengine2 cfservd remote stack overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106485375218280&w=2",
"name" : "20030928 cfengine2-2.0.3 remote exploit for redhat",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:pre:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.1.0:a8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.1.0:a9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.5:b1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:p1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.1.0:a6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:p2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.7:p3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:cfengine:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0850",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=191323",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=191323",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-410",
"name" : "DSA-410",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773",
"name" : "CLA-2003:773",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10543",
"name" : "10543",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106728224210446&w=2",
"name" : "20031027 Libnids <= 1.17 buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dug_song:dsniff:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rafal_wojtczuk:libnids:1.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0851",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.openssl.org/news/secadv_20031104.txt",
"name" : "http://www.openssl.org/news/secadv_20031104.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/412478",
"name" : "VU#412478",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8970",
"name" : "8970",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030930-ssl.shtml",
"name" : "20030930 SSL Implementation Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ ]
}, {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-003.txt.asc",
"name" : "NetBSD-SA2004-003",
"refsource" : "NETBSD",
"tags" : [ ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-119.html",
"name" : "RHSA-2004:119",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040304-01-U.asc",
"name" : "20040304-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00087.html",
"name" : "FEDORA-2005-1042",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/17381",
"name" : "17381",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106796246511667&w=2",
"name" : "20031104 [OpenSSL Advisory] Denial of Service in ASN.1 parsing",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108403850228012&w=2",
"name" : "20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5528",
"name" : "oval:org.mitre.oval:def:5528",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11\\)e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sy:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1\\(11b\\)e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2sx:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:css11000_content_services_switch:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0852",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8877",
"name" : "8877",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012542.html",
"name" : "20031022 Sylpheed-claws format string bug, yet still sylpheed much better than windows",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.guninski.com/sylph.html",
"name" : "http://www.guninski.com/sylph.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sylpheed.good-day.net/#changes",
"name" : "http://sylpheed.good-day.net/#changes",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13508",
"name" : "sylpheed-smtp-format-string(13508)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 through 0.9.6 allows remote SMTP servers to cause a denial of service (crash) in sylpheed via format strings in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed-claws:sylpheed-claws:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sylpheed:sylpheed:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0853",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8875",
"name" : "8875",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html",
"name" : "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.guninski.com/binls.html",
"name" : "http://www.guninski.com/binls.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html",
"name" : "RHSA-2003:309",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html",
"name" : "RHSA-2003:310",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/6014",
"name" : "IMNX-2003-7+-026-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt",
"name" : "TLSA-2003-60",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10126",
"name" : "10126",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/17069",
"name" : "17069",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768",
"name" : "CLA-2003:768",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771",
"name" : "CLA-2003:771",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106",
"name" : "MDKSA-2003:106",
"refsource" : "MANDRAKE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "An integer overflow in ls in the fileutils or coreutils packages may allow local users to cause a denial of service or execute arbitrary code via a large -w value, which could be remotely exploited via applications that use ls, such as wu-ftpd."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0854",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html",
"name" : "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.guninski.com/binls.html",
"name" : "http://www.guninski.com/binls.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2005/dsa-705",
"name" : "DSA-705",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html",
"name" : "RHSA-2003:309",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html",
"name" : "RHSA-2003:310",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/6014",
"name" : "IMNX-2003-7+-026-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt",
"name" : "TLSA-2003-60",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10126",
"name" : "10126",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/17069",
"name" : "17069",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768",
"name" : "CLA-2003:768",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771",
"name" : "CLA-2003:771",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106",
"name" : "MDKSA-2003:106",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://www.exploit-db.com/exploits/115",
"name" : "115",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18:*:academ:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_vr16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:fileutils:4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta2:*:academ:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.4.2_beta18_vr8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0855",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugzilla.gnome.org/show_bug.cgi?id=107025",
"name" : "http://bugzilla.gnome.org/show_bug.cgi?id=107025",
"refsource" : "CONFIRM",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107519",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-311.html",
"name" : "RHSA-2003:311",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-312.html",
"name" : "RHSA-2003:312",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Pan 0.13.3 and earlier allows remote attackers to cause a denial of service (crash) via a news post with a long author email address."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:charles_kerr:pan:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.13.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0856",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-317.html",
"name" : "RHSA-2003:317",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-492",
"name" : "DSA-492",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-316.html",
"name" : "RHSA-2003:316",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-May/msg00004.html",
"name" : "FEDORA-2004-115",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2005_01_sr.html",
"name" : "SUSE-SR:2005:001",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10912",
"name" : "oval:org.mitre.oval:def:10912",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stephen_hemminger:iproute:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.4.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 4.9
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0857",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=108574",
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=108574",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0858",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-305.html",
"name" : "RHSA-2003:305",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-307.html",
"name" : "RHSA-2003:307",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-315.html",
"name" : "RHSA-2003:315",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-415",
"name" : "DSA-415",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10563",
"name" : "10563",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10169",
"name" : "oval:org.mitre.oval:def:10169",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Zebra 0.93b and earlier, and quagga before 0.95, allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.91",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga_routing_software_suite:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.95",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0859",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-325.html",
"name" : "RHSA-2003:325",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-334.html",
"name" : "RHSA-2003:334",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11337",
"name" : "oval:org.mitre.oval:def:11337",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:quagga:quagga_routing_software_suite:0.96.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sgi:propack:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.92a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.93a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:zebra:0.91a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux_advanced_workstation:2.1:*:itanium_processor:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:intel:ia64:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 4.9
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0860",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.php.net/release_4_3_3.php",
"name" : "http://www.php.net/release_4_3_3.php",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.php.net/ChangeLog-4.php#4.3.3",
"name" : "http://www.php.net/ChangeLog-4.php#4.3.3",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0861",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.php.net/release_4_3_3.php",
"name" : "http://www.php.net/release_4_3_3.php",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.php.net/ChangeLog-4.php#4.3.3",
"name" : "http://www.php.net/ChangeLog-4.php#4.3.3",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.7:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:patch1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.1:patch1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0862",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0813. Reason: This candidate is a duplicate of CVE-2003-0813. Notes: All CVE users should reference CVE-2003-0813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0863",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=105839111204227",
"name" : "20030716 PHP safe mode broken?",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0864",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8817",
"name" : "8817",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.irc.org/irc/server/ChangeLog",
"name" : "ftp://ftp.irc.org/irc/server/ChangeLog",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000765",
"name" : "CLA-2003:765",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106606129601446&w=2",
"name" : "20031012 buffer overflow in IRCD software",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106667431021928&w=2",
"name" : "20031019 [OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13408",
"name" : "ircd-mjoin-bo(13408)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ircnet:ircnet_ircd:2.10.3_p3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ircnet:ircnet_ircd:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0865",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/338641",
"name" : "20030923 mpg123[v0.59r,v0.59s]: remote client-side heap corruption exploit.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8680",
"name" : "8680",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-435",
"name" : "DSA-435",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-002.0/CSSA-2004-002.0.txt",
"name" : "CSSA-2004-002.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000781",
"name" : "CLA-2003:781",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106493686331198&w=2",
"name" : "20030930 GLSA: mpg123 (200309-17)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:0.59r:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:0.59s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0866",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506",
"refsource" : "CONFIRM",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-395",
"name" : "DSA-395",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8824",
"name" : "8824",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://tomcat.apache.org/security-4.html",
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1",
"name" : "239312",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/30908",
"name" : "30908",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/30899",
"name" : "30899",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2008/1979/references",
"name" : "ADV-2008-1979",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13429",
"name" : "tomcat-non-http-dos(13429)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E",
"name" : "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E",
"name" : "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E",
"name" : "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2019-03-25T11:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0867",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0662. Reason: This candidate is a duplicate of CVE-2003-0662. Notes: All CVE users should reference CVE-2003-0662 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0868",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0869",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0870",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a102003-1.txt",
"name" : "A102003-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8853",
"name" : "8853",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0016.html",
"name" : "20031020 Opera HREF escaped server name overflow",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13458",
"name" : "opera-escape-heap-overflow(13458)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attackers to execute arbitrary code via an HREF with a large number of escaped characters in the server name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0871",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8922",
"name" : "8922",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00039.html",
"name" : "APPLE-SA-2003-10-28",
"refsource" : "APPLE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X Server 10.3 allows attackers to gain \"unauthorized access to a system.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0872",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.27/CSSA-2003-SCO.27.txt",
"name" : "CSSA-2003-SCO.27",
"refsource" : "SCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8864",
"name" : "8864",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0873",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0874",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8856",
"name" : "8856",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html",
"name" : "http://www.securiteam.com/unixfocus/6R0052K8KM.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0017.html",
"name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106667525623311&w=2",
"name" : "20031020 Multiple SQL Injection Vulnerabilities in DeskPRO",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13391",
"name" : "deskpro-multiple-sql-injection(13391)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:deskpro:deskpro:1.1_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0875",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000723",
"name" : "CLA-2003:723",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106123103606336&w=2",
"name" : "20030818 OpenSLP initscript symlink vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openslp:openslp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.11",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0876",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8916",
"name" : "8916",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8917",
"name" : "8917",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/a102803-1.txt",
"name" : "A102803-1",
"refsource" : "ATSTAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13537",
"name" : "macos-insecure-file-permissions(13537)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute permissions on directories when they are dragged (copied) from a mounted volume such as a disk image (DMG), which could cause the directories to have less restrictive permissions than intended."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0877",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a102803-1.txt",
"name" : "A102803-1",
"refsource" : "ATSTAKE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8914",
"name" : "8914",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8917",
"name" : "8917",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13542",
"name" : "macos-core-files-symlink(13542)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0878",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "slpd daemon in Mac OS X before 10.3 allows local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2003-0875."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0879",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0518. Reason: This candidate is a reservation duplicate of CVE-2003-0518. Notes: All CVE users should reference CVE-2003-0518 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0880",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0881",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Response, uses plaintext authentication if the CRAM-MD5 hashed login fails, which could allow remote attackers to gain privileges by sniffing the password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0882",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Mac OS X before 10.3 initializes the TCP timestamp with a constant number, which allows remote attackers to determine the system's uptime via the ID field in a TCP packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "10.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0883",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The System Preferences capability in Mac OS X before 10.3 allows local users to access secure Preference Panes for a short period after an administrator has authenticated to the system."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0885",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=41253",
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=41253",
"refsource" : "CONFIRM",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0886",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-401",
"name" : "DSA-401",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_045_hylafax.html",
"name" : "SuSE-SA:2003:045",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000783",
"name" : "CLA-2003:783",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:105",
"name" : "MDKSA-2003:105",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106858898708752&w=2",
"name" : "20031111 HylaFAX - Format String Vulnerability Fixed",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hylafax:hylafax:4.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0887",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6",
"name" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5",
"name" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:angus_mackay:ez-ipupdate:3.0.11b5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:angus_mackay:ez-ipupdate:3.0.11b7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0894",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert59.pdf",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/496340",
"name" : "VU#496340",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1007956",
"name" : "1007956",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8844",
"name" : "8844",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8845",
"name" : "8845",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13451",
"name" : "oracle-oracleo-binaries-bo(13451)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9i Database 9.0.x and 9.2.x before 9.2.0.4 allows local users to execute arbitrary code via a long command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0895",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8913",
"name" : "8913",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00038.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.atstake.com/research/advisories/2003/a102803-3.txt",
"name" : "A102803-3",
"refsource" : "ATSTAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13541",
"name" : "macos-long-command-bo(13541)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[])."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0896",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57221",
"name" : "57221",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/6028",
"name" : "HPSBUX0311-295",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8879",
"name" : "8879",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342580",
"name" : "20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342583",
"name" : "20031027 Re: [LSD] Security vulnerability in SUN's Java Virtual Machineimplementation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200356-1",
"name" : "200356",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://lsd-pl.net/code/JVM/jre.tar.gz",
"name" : "http://lsd-pl.net/code/JVM/jre.tar.gz",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106692334503819&w=2",
"name" : "20021023 [LSD] Security vulnerability in SUN's Java Virtual Machine implementation",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains \"/\" (slash) instead of \".\" (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:*:update3:*:*:*:*:*:*",
"versionEndIncluding" : "1.4.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0897",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106692772510010&w=2",
"name" : "20031023 Shatter XP",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13558",
"name" : "winxp-commctl32-code-execution(13558)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "\"Shatter\" vulnerability in CommCtl32.dll in Windows XP may allow local users to execute arbitrary code by sending (1) BCM_GETTEXTMARGIN or (2) BCM_SETTEXTMARGIN button control messages to privileged applications."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0898",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt",
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/db2aixv7/FP10a_U495172/FixpakReadme.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106010332721672&w=2",
"name" : "20030805 Local Vulnerability in IBM DB2 7.1 db2job binary",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:*:*:linux:*:*:*:*:*",
"versionEndIncluding" : "8.0",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0899",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8906",
"name" : "8906",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.texonet.com/advisories/TEXONET-20030908.txt",
"name" : "http://www.texonet.com/advisories/TEXONET-20030908.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2729",
"name" : "2729",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10092",
"name" : "10092",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106729188224252&w=2",
"name" : "20031027 Remote overflow in thttpd",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://www.debian.org/security/2003/dsa-396",
"name" : "DSA-396",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13530",
"name" : "thttpd-defang-bo(13530)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to \"&lt;\" and \"&gt;\" sequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.21b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:acme_labs:thttpd:2.23b1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0900",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711",
"name" : "https://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=108711",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0901",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8741",
"name" : "8741",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c",
"name" : "http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/ascii.c",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-397",
"name" : "DSA-397",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-313.html",
"name" : "RHSA-2003:313",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-314.html",
"name" : "RHSA-2003:314",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000772",
"name" : "CLSA-2003:772",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000784",
"name" : "CLA-2003:784",
"refsource" : "CONECTIVA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3.4, allows remote attackers to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0902",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-402",
"name" : "DSA-402",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:minimalist:minimalist:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:minimalist:minimalist:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0903",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9407",
"name" : "9407",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/139150",
"name" : "VU#139150",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.osvdb.org/3457",
"name" : "3457",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A775",
"name" : "oval:org.mitre.oval:def:775",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A751",
"name" : "oval:org.mitre.oval:def:751",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A553",
"name" : "oval:org.mitre.oval:def:553",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A525",
"name" : "oval:org.mitre.oval:def:525",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14187",
"name" : "mdac-broadcastrequest-bo(14187)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-003",
"name" : "MS04-003",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:data_access_components:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0904",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0311&L=ntbugtraq&F=P&S=&P=9281",
"name" : "20031114 Exchange 2003 OWA major security flaw",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.microsoft.com/exchange/support/e2k3owa.asp",
"name" : "http://www.microsoft.com/exchange/support/e2k3owa.asp",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9118",
"name" : "9118",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/530660",
"name" : "VU#530660",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10615",
"name" : "10615",
"refsource" : "SECUNIA",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9409",
"name" : "9409",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13869",
"name" : "exchange-owa-account-access(13869)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A477",
"name" : "oval:org.mitre.oval:def:477",
"refsource" : "OVAL",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-002",
"name" : "MS04-002",
"refsource" : "MS",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:exchange_server:2003:-:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:sharepoint_services:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:enterprise:*:x64:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:datacenter:*:x64:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:standard:*:x64:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:web:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_server_2003:r2:*:*:*:*:*:x64:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 6.8,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2020-04-09T13:49Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0905",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9825",
"name" : "9825",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/982630",
"name" : "VU#982630",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A842",
"name" : "oval:org.mitre.oval:def:842",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15038",
"name" : "win-media-services-dos(15038)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-008",
"name" : "MS04-008",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_services:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0906",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/547028",
"name" : "VU#547028",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/10120",
"name" : "10120",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A959",
"name" : "oval:org.mitre.oval:def:959",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A897",
"name" : "oval:org.mitre.oval:def:897",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1064",
"name" : "oval:org.mitre.oval:def:1064",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:sp6a:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0907",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/260588",
"name" : "VU#260588",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html",
"name" : "20040413 Microsoft Help and Support Center argument injection vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10119",
"name" : "10119",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities",
"name" : "http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108196864221676&w=2",
"name" : "20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15704",
"name" : "win-hcpurl-code-execution(15704)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904",
"name" : "oval:org.mitre.oval:def:904",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000",
"name" : "oval:org.mitre.oval:def:1000",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0908",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/526084",
"name" : "VU#526084",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.appsecinc.com/resources/alerts/general/04-0001.html",
"name" : "http://www.appsecinc.com/resources/alerts/general/04-0001.html",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0082.html",
"name" : "20040414 [SHATTER Team Security Alert] Microsoft Windows Utility Manager Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html",
"name" : "http://www.securiteam.com/windowsntfocus/5LP0C2ACKU.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10124",
"name" : "10124",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15632",
"name" : "win2k-utilitymgr-gain-privileges(15632)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1046",
"name" : "oval:org.mitre.oval:def:1046",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a \"Shatter\" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0909",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/206468",
"name" : "VU#206468",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10125",
"name" : "10125",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15678",
"name" : "winxp-task-gain-privileges(15678)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1004",
"name" : "oval:org.mitre.oval:def:1004",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka \"Windows Management Vulnerability.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0910",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.eeye.com/html/Research/Advisories/AD20040413D.html",
"name" : "AD20040413D",
"refsource" : "EEYE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html",
"name" : "TA04-104A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/122076",
"name" : "VU#122076",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020068.html",
"name" : "20040413 EEYE: Windows Expand-Down Data Segment Local Privilege Escalation",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-114.shtml",
"name" : "O-114",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/10122",
"name" : "10122",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15707",
"name" : "win-ldt-gain-privileges(15707)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A911",
"name" : "oval:org.mitre.oval:def:911",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A890",
"name" : "oval:org.mitre.oval:def:890",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011",
"name" : "MS04-011",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-01T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0913",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8979",
"name" : "8979",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=120269",
"name" : "http://docs.info.apple.com/article.html?artnum=120269",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00040.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00040.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13620",
"name" : "macos-terminal-gain-access(13620)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the Terminal application for Mac OS X 10.3 (Client and Server) may allow \"unauthorized access.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0914",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/734644",
"name" : "VU#734644",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-409",
"name" : "DSA-409",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434",
"name" : "57434",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt",
"name" : "2003-0044",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt",
"name" : "CSSA-2003-SCO.33",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt",
"name" : "CSSA-2004-003.0",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10542",
"name" : "10542",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2011",
"name" : "oval:org.mitre.oval:def:2011",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nixu:namesurfer:suite_3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nixu:namesurfer:standard_3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isc:bind:8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:current:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1l:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1b_pk2_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:compaq:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0917",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0918",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0919",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0920",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0921",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0922",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0923",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0924",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-426",
"name" : "DSA-426",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9442",
"name" : "9442",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/487102",
"name" : "VU#487102",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-030.html",
"name" : "RHSA-2004:030",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml",
"name" : "GLSA-200410-02",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-031.html",
"name" : "RHSA-2004:031",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc",
"name" : "20040201-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011",
"name" : "MDKSA-2004:011",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810",
"name" : "oval:org.mitre.oval:def:810",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804",
"name" : "oval:org.mitre.oval:def:804",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14874",
"name" : "netpbm-temp-insecure-file(14874)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netpbm:netpbm:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "9.25",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.7
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0925",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8951",
"name" : "8951",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-323.html",
"name" : "RHSA-2003:323",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-407",
"name" : "DSA-407",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-324.html",
"name" : "RHSA-2003:324",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-64.txt",
"name" : "TLSA-2003-64",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780",
"name" : "CLA-2003:780",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:114",
"name" : "MDKSA-2003:114",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10531",
"name" : "10531",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9692",
"name" : "oval:org.mitre.oval:def:9692",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0926",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8951",
"name" : "8951",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-324.html",
"name" : "RHSA-2003:324",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780",
"name" : "CLA-2003:780",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-407",
"name" : "DSA-407",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-323.html",
"name" : "RHSA-2003:323",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-64.txt",
"name" : "TLSA-2003-64",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:114",
"name" : "MDKSA-2003:114",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10531",
"name" : "10531",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11648",
"name" : "oval:org.mitre.oval:def:11648",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0927",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00011.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8951",
"name" : "8951",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-323.html",
"name" : "RHSA-2003:323",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000780",
"name" : "CLA-2003:780",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-407",
"name" : "DSA-407",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-324.html",
"name" : "RHSA-2003:324",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.turbolinux.com/security/TLSA-2003-64.txt",
"name" : "TLSA-2003-64",
"refsource" : "TURBO",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:114",
"name" : "MDKSA-2003:114",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10531",
"name" : "10531",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13578",
"name" : "ethereal-socks-heap-overflow(13578)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9691",
"name" : "oval:org.mitre.oval:def:9691",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SOCKS dissector."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0928",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.corsaire.com/advisories/c030807-001.txt",
"name" : "http://www.corsaire.com/advisories/c030807-001.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2",
"name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.3.15",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0929",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.corsaire.com/advisories/c030807-001.txt",
"name" : "http://www.corsaire.com/advisories/c030807-001.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2",
"name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.3.15",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0930",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.corsaire.com/advisories/c030807-001.txt",
"name" : "http://www.corsaire.com/advisories/c030807-001.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2",
"name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.3.15",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0931",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.corsaire.com/advisories/c031120-001.txt",
"name" : "http://www.corsaire.com/advisories/c031120-001.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109215951022437&w=2",
"name" : "20040810 Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16949",
"name" : "sygate-enforcer-payload-dos(16949)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sygate_technologies:enforcer:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0932",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-400",
"name" : "DSA-400",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long (1) command line or (2) environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:omega-rpg:omega-rpg:0.9.0_pa9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0933",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-398",
"name" : "DSA-398",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:conquest:conquest:7.1.1_-6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2008-09-10T19:20Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0934",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.secnap.net/security/031106.html",
"name" : "http://www.secnap.net/security/031106.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106850011513880&w=2",
"name" : "20031110 Symbol Technologies Default WEP KEYS Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:symbol_technologies:pdt:8100:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0935",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/forum/forum.php?forum_id=308015",
"name" : "http://sourceforge.net/forum/forum.php?forum_id=308015",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-335.html",
"name" : "RHSA-2003:335",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-023.html",
"name" : "RHSA-2004:023",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000778",
"name" : "CLA-2003:778",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9802",
"name" : "oval:org.mitre.oval:def:9802",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A869",
"name" : "oval:org.mitre.oval:def:869",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.4_pre2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:net-snmp:net-snmp:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-01T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0936",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html",
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.11.13.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106875764826251&w=2",
"name" : "20031113 SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106876107330752&w=2",
"name" : "20031113 RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:pcanywhere:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:pcanywhere:10.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:pcanywhere:11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0937",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.texonet.com/advisories/TEXONET-20031024.txt",
"name" : "http://www.texonet.com/advisories/TEXONET-20031024.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt",
"name" : "CSSA-2003-SCO.32",
"refsource" : "SCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106865297403687&w=2",
"name" : "20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the \"as\" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:unixware:7.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sco:open_unix:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0938",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-1.txt",
"name" : "A111703-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13765",
"name" : "sapdb-NETAPI32-gain-privileges(13765)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious \"NETAPI32.DLL\" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.27",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0939",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-1.txt",
"name" : "A111703-1",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.sapdb.org/7.4/new_relinfo.txt",
"name" : "http://www.sapdb.org/7.4/new_relinfo.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) 7.4.03.27 and earlier may allow remote attackers to execute arbitrary code via a connect packet with a 256 byte segment to the niserver (aka serv.exe) process on TCP port 7269, which prevents the server from NULL terminating the string and leads to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.27",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0940",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt",
"name" : "A111703-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB before 7.4.03.30 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.29",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0941",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt",
"name" : "A111703-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.29",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0942",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt",
"name" : "A111703-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Web Agent Administration service in web-tools for SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a long Name parameter to waadmin.wa."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.29",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0943",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt",
"name" : "A111703-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "web-tools in SAP DB before 7.4.03.30 installs several services that are enabled by default, which could allow remote attackers to obtain potentially sensitive information or redirect attacks against internal databases via (1) waecho, (2) Web SQL Interface (websql), or (3) Web Database Manager (webdbm)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.29",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0944",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt",
"name" : "A111703-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the WAECHO default service in web-tools in SAP DB before 7.4.03.30 allows remote attackers to execute arbitrary code via a URL with a long requestURI."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.29",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0945",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt",
"name" : "A111703-2",
"refsource" : "ATSTAKE",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13774",
"name" : "sapdb-manager-sessionid-predictable(13774)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Web Database Manager in web-tools for SAP DB before 7.4.03.30 generates predictable session IDs, which allows remote attackers to conduct unauthorized activities."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "7.4.03.29",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0946",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=197038",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=197038",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106867135830683&w=2",
"name" : "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0947",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106867458902521&w=2",
"name" : "20031112 iwconfig vulnerability - the last code was demaged sending by email",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0948",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/exploits/6Y00R1P8KY.html",
"name" : "http://www.securiteam.com/exploits/6Y00R1P8KY.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8901",
"name" : "8901",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in iwconfig allows local users to execute arbitrary code via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wireless_tools:wireless_tools:26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0949",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2003/dsa-405",
"name" : "DSA-405",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9321",
"name" : "9321",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14098",
"name" : "xsok-command-execution(14098)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "xsok 1.02 does not properly drop privileges before finding and executing the \"gunzip\" program, which allows local users to execute arbitrary commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:michael_bischoff:xsok:1.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0950",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9041",
"name" : "9041",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://xforce.iss.net/xforce/alerts/id/157",
"name" : "20031112 IClient Servlet Remote Command Execution Vulnerability",
"refsource" : "ISS",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12805",
"name" : "peoplesoft-iclientservlet-file-upload(12805)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to execute arbitrary commands by uploading a file to the IClient Servlet, guessing the insufficiently random (system time) name of the directory used to store the file, and directly requesting that file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:peoplesoft:peopletools:8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0951",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0041.html",
"name" : "HPSBUX0311-296",
"refsource" : "HP",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5146",
"name" : "oval:org.mitre.oval:def:5146",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate certificates that are provided by the cimserver, which allows attackers to obtain sensitive data or gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0952",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0953",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0954",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48272&apar=only",
"name" : "IY48272",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY48747&apar=only",
"name" : "IY48747",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY49238&apar=only",
"name" : "IY49238",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9078",
"name" : "9078",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1008258",
"name" : "1008258",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10276/",
"name" : "10276",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0955",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/005_exec.patch",
"name" : "20031105 005: RELIABILITY FIX: November 4, 2003",
"refsource" : "OPENBSD",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.guninski.com/msuxobsd2.html",
"name" : "http://www.guninski.com/msuxobsd2.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013315.html",
"name" : "20031104 OpenBSD kernel overflow, yet still *BSD much better than windows",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.openbsd.org/errata33.html",
"name" : "20031104 010: RELIABILITY FIX: November 4, 2003",
"refsource" : "OPENBSD",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8978",
"name" : "8978",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2",
"name" : "http://marc.info/?l=openbsd-security-announce&m=106808820119679&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2",
"name" : "http://marc.info/?l=openbsd-security-announce&m=106917441524978&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled by (1) ibcs2_exec.c in the iBCS2 emulation (compat_ibcs2) or (2) exec_elf.c, which leads to a stack-based buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0956",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg",
"name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ef33d95ym_22QH2xwhDMt264M55Fg",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42942",
"name" : "linux-kernel-odirect-information-disclosure(42942)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0959",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A",
"name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3ed382f7UfJ9Q2LKCJq1Tc5B7-EC5A",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43072",
"name" : "linux-kernel-unspecified-priv-escalation(43072)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple integer overflows in the 32bit emulation for AMD64 architectures in Linux 2.4 kernel before 2.4.21 allows attackers to cause a denial of service or gain root privileges via unspecified vectors that trigger copy_from_user function calls with improper length arguments."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0960",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=107003609308765&w=2",
"name" : "20031128 [OpenCA Advisory] Vulnerabilities in signature verification",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.8.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openca:openca:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0961",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-389.html",
"name" : "RHSA-2003:389",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-403",
"name" : "DSA-403",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://isec.pl/papers/linux_kernel_do_brk.pdf",
"name" : "http://isec.pl/papers/linux_kernel_do_brk.pdf",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-368.html",
"name" : "RHSA-2003:368",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-417",
"name" : "DSA-417",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-433",
"name" : "DSA-433",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-439",
"name" : "DSA-439",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-440",
"name" : "DSA-440",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-450",
"name" : "DSA-450",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-470",
"name" : "DSA-470",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-475",
"name" : "DSA-475",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html",
"name" : "SuSE-SA:2003:049",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/301156",
"name" : "VU#301156",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10328",
"name" : "10328",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10329",
"name" : "10329",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10330",
"name" : "10330",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10333",
"name" : "10333",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10338",
"name" : "10338",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000796",
"name" : "CLA-2003:796",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:110",
"name" : "MDKSA-2003:110",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2",
"name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107064830206816&w=2",
"name" : "20031204 Hot fix for do_brk bug",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107064798706473&w=2",
"name" : "20031204 [iSEC] Linux kernel do_brk() vulnerability details",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.4.22",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0962",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-398.html",
"name" : "RHSA-2003:398",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9153",
"name" : "9153",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20031202-01-U",
"name" : "20031202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/325603",
"name" : "VU#325603",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.osvdb.org/2898",
"name" : "2898",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10353",
"name" : "10353",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10354",
"name" : "10354",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10355",
"name" : "10355",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10356",
"name" : "10356",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10357",
"name" : "10357",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10358",
"name" : "10358",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10359",
"name" : "10359",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10360",
"name" : "10360",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10361",
"name" : "10361",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10362",
"name" : "10362",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10363",
"name" : "10363",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10364",
"name" : "10364",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10378",
"name" : "10378",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10474",
"name" : "10474",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000794",
"name" : "CLA-2003:794",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:111",
"name" : "MDKSA-2003:111",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107055681311602&w=2",
"name" : "20031204 rsync security advisory (fwd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107056923528423&w=2",
"name" : "20031204 GLSA: exploitable heap overflow in rsync (200312-03)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107055684711629&w=2",
"name" : "2003-0048",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107055702911867&w=2",
"name" : "20031204 [OpenPKG-SA-2003.051] OpenPKG Security Advisory (rsync)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13899",
"name" : "linux-rsync-heap-overflow(13899)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9415",
"name" : "oval:org.mitre.oval:def:9415",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:engardelinux:secure_community:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:engardelinux:secure_community:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.4.6-2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.5.5-1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.4.6-5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:engardelinux:secure_linux:1.2:*:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:engardelinux:secure_linux:1.1:*:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.5.4-2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.5.5-4:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:engardelinux:secure_linux:1.5:*:professional:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:rsync:2.4.6-5:*:ia64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:andrew_tridgell:rsync:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0963",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-404.html",
"name" : "RHSA-2003:404",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_051_lftp.html",
"name" : "SuSE-SA:2003:051",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-406",
"name" : "DSA-406",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040101-01-U",
"name" : "20040101-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-403.html",
"name" : "RHSA-2003:403",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:116",
"name" : "MDKSA-2003:116",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10525",
"name" : "10525",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10548",
"name" : "10548",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107167974714484&w=2",
"name" : "20031217 [OpenPKG-SA-2003.053] OpenPKG Security Advisory (lftp)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107177409418121&w=2",
"name" : "20031218 GLSA: lftp (200312-07)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107340499504411&w=2",
"name" : "CLA-2004:800",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107126386226196&w=2",
"name" : "20031212 [slackware-security] lftp security update (SSA:2003-346-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107152267121513&w=2",
"name" : "20031213 lftp buffer overflows",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11180",
"name" : "oval:org.mitre.oval:def:11180",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alexander_v._lukyanov:lftp:2.6.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0964",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: N/A. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-11-17T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0965",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html",
"name" : "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4",
"refsource" : "MLIST",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9336",
"name" : "9336",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html",
"name" : "RHSA-2004:020",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-436",
"name" : "DSA-436",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842",
"name" : "CLA-2004:842",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013",
"name" : "MDKSA-2004:013",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3305",
"name" : "3305",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10519",
"name" : "10519",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121",
"name" : "mailman-admin-xss(14121)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813",
"name" : "oval:org.mitre.oval:def:813",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.1.4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0966",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-009.html",
"name" : "RHSA-2004:009",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9430",
"name" : "9430",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078",
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
"name" : "20040103-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14840",
"name" : "elm-frm-subject-bo(14840)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:elm_development_group:elm:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.5.6",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0967",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-386.html",
"name" : "RHSA-2003:386",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=freeradius-users&m=106947389449613&w=2",
"name" : "http://marc.info/?l=freeradius-users&m=106947389449613&w=2",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106944220426970",
"name" : "20031121 FreeRADIUS 0.9.2 \"Tunnel-Password\" attribute Handling Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106935911101493&w=2",
"name" : "20031120 Remote DoS in FreeRADIUS, all versions.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10917",
"name" : "oval:org.mitre.oval:def:10917",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a short RADIUS string attribute with a tag, which causes memcpy to be called with a -1 length argument, as demonstrated using the Tunnel-Password attribute."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0968",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106986437621130&w=2",
"name" : "20031126 FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:freeradius:freeradius:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.9.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0969",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9364",
"name" : "9364",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-411",
"name" : "DSA-411",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2004_02_tcpdump.html",
"name" : "SuSE-SA:2004:002",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3331",
"name" : "3331",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14148",
"name" : "mpg321-mp3-format-string(14148)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mpg321:mpg321:0.2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0970",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57430",
"name" : "57430",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Network Management Port on Sun Fire B1600 systems allows remote attackers to cause a denial of service (packet loss) via ARP packets, which cause all ports to become temporarily disabled."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:sun:sun_fire:b1600:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0971",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html",
"name" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html",
"name" : "http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000277.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/9115",
"name" : "9115",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_048_gpg.html",
"name" : "SuSE-SA:2003:048",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-390.html",
"name" : "RHSA-2003:390",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-395.html",
"name" : "RHSA-2003:395",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-429",
"name" : "DSA-429",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/940388",
"name" : "VU#940388",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10304",
"name" : "10304",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10349",
"name" : "10349",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10399",
"name" : "10399",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10400",
"name" : "10400",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000798",
"name" : "CLA-2003:798",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:109",
"name" : "MDKSA-2003:109",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106995769213221&w=2",
"name" : "20031127 GnuPG's ElGamal signing keys compromised",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10982",
"name" : "oval:org.mitre.oval:def:10982",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal type 20 (sign+encrypt) keys using the same key component for encryption as for signing, which allows attackers to determine the private key from a signature."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.3b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0972",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-408",
"name" : "DSA-408",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://groups.yahoo.com/group/gnu-screen/message/3118",
"name" : "http://groups.yahoo.com/group/gnu-screen/message/3118",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000809",
"name" : "CLA-2004:809",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:113",
"name" : "MDKSA-2003:113",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10539",
"name" : "10539",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106995837813873&w=2",
"name" : "20031127 GNU screen buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of \";\" (semicolon) characters in escape sequences, which leads to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:3.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:screen:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0973",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.modpython.org/pipermail/mod_python/2003-November/004005.html",
"name" : "http://www.modpython.org/pipermail/mod_python/2003-November/004005.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-452",
"name" : "DSA-452",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-058.html",
"name" : "RHSA-2004:058",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.fedora.us/show_bug.cgi?id=1325",
"name" : "FEDORA-2004-1325",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-063.html",
"name" : "RHSA-2004:063",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000837",
"name" : "CLA-2004:837",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A839",
"name" : "oval:org.mitre.oval:def:839",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A828",
"name" : "oval:org.mitre.oval:def:828",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10259",
"name" : "oval:org.mitre.oval:def:10259",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:mod_python:2.7.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0974",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9124",
"name" : "9124",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.bugtraq.org/advisories/_BSSADV-0000.txt",
"name" : "http://www.bugtraq.org/advisories/_BSSADV-0000.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107004362416252&w=2",
"name" : "20031128 Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107031196324376&w=2",
"name" : "20031201 Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107005523025918&w=2",
"name" : "20031128 Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:applied_watch_technologies:applied_watch_command_center:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0975",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00042.html",
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00042.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106917674428552&w=2",
"name" : "20031118 Apple Safari 1.1 (v100)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7973",
"name" : "mozilla-netscape-steal-cookies(7973)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:safari:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0976",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10089375.htm",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13915",
"name" : "netware-nfs-share-access(13915)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce sys:\\etc\\exports when hostname aliases from sys:etc\\hosts file are used, which could allow users to mount file systems when XNFS should deny the host."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-15T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0977",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
"name" : "http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84&JServSessionIdservlets=8u3x1myav1",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-422",
"name" : "DSA-422",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-003.html",
"name" : "RHSA-2004:003",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-004.html",
"name" : "RHSA-2004:004",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
"name" : "20040103-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000808",
"name" : "CLA-2004:808",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:112",
"name" : "MDKSA-2003:112",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10601",
"name" : "10601",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107168035515554&w=2",
"name" : "20031217 [OpenPKG-SA-2003.052] OpenPKG Security Advisory (cvs)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107540163908129&w=2",
"name" : "20040129 [FLSA-2004:1207] Updated cvs resolves security vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13929",
"name" : "cvs-module-file-manipulation(13929)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A866",
"name" : "oval:org.mitre.oval:def:866",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A855",
"name" : "oval:org.mitre.oval:def:855",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11528",
"name" : "oval:org.mitre.oval:def:11528",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.10.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.1_p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cvs:cvs:1.11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0978",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.s-quadra.com/advisories/Adv-20031203.txt",
"name" : "http://www.s-quadra.com/advisories/Adv-20031203.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_048_gpg.html",
"name" : "SuSE-SA:2003:048",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107047470625214&w=2",
"name" : "20031203 GnuPG 1.2.3, 1.3.3 external HKP interface format string issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13892",
"name" : "gnupg-gpgkeyshkp-format-string(13892)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.2:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:privacy_guard:1.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0979",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"name" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107107840622493&w=2",
"name" : "20031210 Visitorbook LE Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0980",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"name" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107107840622493&w=2",
"name" : "20031210 Visitorbook LE Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the \"do\" parameter, (2) via the \"user\" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0981",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"name" : "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"refsource" : "MISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107107840622493&w=2",
"name" : "20031210 Visitorbook LE Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0982",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml",
"name" : "20031210 Vulnerability in Authentication Library for ACNS",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9187",
"name" : "9187",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/352462",
"name" : "VU#352462",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10409",
"name" : "10409",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13945",
"name" : "cisco-acns-password-bo(13945)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4650:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4670:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_2.2_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:content_router_4430:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:content_router_4450:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4650:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_2.2_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4650:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine_module:for_cisco_router_3600_series:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4630:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine_module:for_cisco_router_3700_series:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:560_2.2_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:enterprise_content_delivery_network_software:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4630:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_2.2_.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:507_3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_distribution_manager_4630:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine_module:for_cisco_router_2600_series:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:590_3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:application_and_content_networking_software:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:content_engine:7320_4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0983",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031210-unity.shtml",
"name" : "20031210 Unity Vulnerabilities on IBM-based Servers",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a \"bubba\" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:80-7112-01_for_the_unity-svrx255-2a:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:80-7111-01_for_the_unity-svrx255-1a:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0984",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9154",
"name" : "9154",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html",
"name" : "RHSA-2004:188",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html",
"name" : "SuSE-SA:2003:049",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html",
"name" : "ESA-20040105-001",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-417.html",
"name" : "RHSA-2003:417",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799",
"name" : "CLA-2004:799",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1070",
"name" : "DSA-1070",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1067",
"name" : "DSA-1067",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1069",
"name" : "DSA-1069",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20162",
"name" : "20162",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20163",
"name" : "20163",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20202",
"name" : "20202",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1082",
"name" : "DSA-1082",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20338",
"name" : "20338",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-January/msg00000.html",
"name" : "FEDORA-2003-046",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:001",
"name" : "MDKSA-2004:001",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3317",
"name" : "3317",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1008594",
"name" : "1008594",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10536",
"name" : "10536",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10537",
"name" : "10537",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10538",
"name" : "10538",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10555",
"name" : "10555",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10582",
"name" : "10582",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10583",
"name" : "10583",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10533",
"name" : "10533",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2",
"name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13943",
"name" : "linux-rtc-memory-leak(13943)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9406",
"name" : "oval:org.mitre.oval:def:9406",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A859",
"name" : "oval:org.mitre.oval:def:859",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1013",
"name" : "oval:org.mitre.oval:def:1013",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0985",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-417.html",
"name" : "RHSA-2003:417",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html",
"name" : "ESA-20040105-001",
"refsource" : "ENGARDE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9356",
"name" : "9356",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://isec.pl/vulnerabilities/isec-0013-mremap.txt",
"name" : "http://isec.pl/vulnerabilities/isec-0013-mremap.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24",
"name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0",
"name" : "http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap",
"name" : "http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-423",
"name" : "DSA-423",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-450",
"name" : "DSA-450",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1070",
"name" : "DSA-1070",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1067",
"name" : "DSA-1067",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1069",
"name" : "DSA-1069",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2006/dsa-1082",
"name" : "DSA-1082",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-413",
"name" : "DSA-413",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-417",
"name" : "DSA-417",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-427",
"name" : "DSA-427",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-439",
"name" : "DSA-439",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-440",
"name" : "DSA-440",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-442",
"name" : "DSA-442",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-470",
"name" : "DSA-470",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-475",
"name" : "DSA-475",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html",
"name" : "SuSE-SA:2004:003",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799",
"name" : "CLA-2004:799",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-416.html",
"name" : "RHSA-2003:416",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-418.html",
"name" : "RHSA-2003:418",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-419.html",
"name" : "RHSA-2003:419",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01",
"name" : "IMNX-2004-73-001-01",
"refsource" : "IMMUNIX",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001",
"name" : "MDKSA-2004:001",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U",
"name" : "20040102-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html",
"name" : "20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/490620",
"name" : "VU#490620",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-045.shtml",
"name" : "O-045",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3315",
"name" : "3315",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10532",
"name" : "10532",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20163",
"name" : "20163",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20202",
"name" : "20202",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20338",
"name" : "20338",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107350348418373&w=2",
"name" : "20040107 [slackware-security] Kernel security update (SSA:2004-006-01)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107340814409017&w=2",
"name" : "20040106 Linux mremap bug correction",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107394143105081&w=2",
"name" : "20040112 SmoothWall Project Security Advisory SWP-2004:001",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107332782121916&w=2",
"name" : "20040105 Linux kernel mremap vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107340358402129&w=2",
"name" : "20040105 Linux kernel do_mremap() proof-of-concept exploit code",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107332754521495&w=2",
"name" : "2004-0001",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867",
"name" : "oval:org.mitre.oval:def:867",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860",
"name" : "oval:org.mitre.oval:def:860",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14135",
"name" : "linux-domremap-gain-privileges(14135)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2018-05-03T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0986",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-017.html",
"name" : "RHSA-2004:017",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw",
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@3ffcf122S7e3xPZCpibrXq6KRRjwqw",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ",
"name" : "http://linux.bkbits.net:8080/linux-2.4/cset@3fdd54b3u9Eq0Wny2Nn1HGfI3pofOQ",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9707",
"name" : "oval:org.mitre.oval:def:9707",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23:pre9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23_ow2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.22:pre10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.1:rc2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.24_ow1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.19:pre1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.21:pre4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6.1:rc1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.18:pre8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:test9:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 1.7
},
"severity" : "LOW",
"exploitabilityScore" : 3.1,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0987",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html",
"name" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19007.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html",
"name" : "http://www.mail-archive.com/dev@httpd.apache.org/msg19014.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9571",
"name" : "9571",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-600.html",
"name" : "RHSA-2004:600",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.trustix.org/errata/2004/0027",
"name" : "2004-0027",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml",
"name" : "GLSA-200405-22",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1",
"name" : "57628",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008920",
"name" : "1008920",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643",
"name" : "SSA:2004-133",
"refsource" : "SLACKWARE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-816.html",
"name" : "RHSA-2005:816",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1",
"name" : "101555",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1",
"name" : "101841",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:046",
"name" : "MDKSA-2004:046",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2",
"name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15041",
"name" : "apache-moddigest-response-replay(15041)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4416",
"name" : "oval:org.mitre.oval:def:4416",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100108",
"name" : "oval:org.mitre.oval:def:100108",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3.30",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-03T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0988",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kde.org/info/security/advisory-20040114-1.txt",
"name" : "http://www.kde.org/info/security/advisory-20040114-1.txt",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-005.html",
"name" : "RHSA-2004:005",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9419",
"name" : "9419",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810",
"name" : "CLA-2004:810",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200404-02.xml",
"name" : "GLSA-200404-02",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003",
"name" : "MDKSA-2004:003",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-006.html",
"name" : "RHSA-2004:006",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/820798",
"name" : "VU#820798",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107412130407906&w=2",
"name" : "20040114 KDE Security Advisory: VCF file information reader vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865",
"name" : "oval:org.mitre.oval:def:865",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858",
"name" : "oval:org.mitre.oval:def:858",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14833",
"name" : "kde-kdepim-bo(14833)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:kde:kde:3.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0989",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-007.html",
"name" : "RHSA-2004:007",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/738518",
"name" : "VU#738518",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-425",
"name" : "DSA-425",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-008.html",
"name" : "RHSA-2004:008",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
"name" : "20040103-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html",
"name" : "APPLE-SA-2004-02-23",
"refsource" : "APPLE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-legacy-list/2004-January/msg00726.html",
"name" : "FLSA:1222",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008",
"name" : "MDKSA-2004:008",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9507",
"name" : "9507",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1008716",
"name" : "1008716",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10636",
"name" : "10636",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10668",
"name" : "10668",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10718",
"name" : "10718",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2004-008.0.txt",
"name" : "CSSA-2004-008.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/12179/",
"name" : "12179",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://lwn.net/Alerts/66805/",
"name" : "ESA-20040119-002",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00015.html",
"name" : "[fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10639",
"name" : "10639",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11022",
"name" : "11022",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00006.html",
"name" : "FEDORA-2004-090",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10637",
"name" : "10637",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10644",
"name" : "10644",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10652",
"name" : "10652",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00009.html",
"name" : "FEDORA-2004-092",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://lwn.net/Alerts/66445/",
"name" : "2004-0004",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11032/",
"name" : "11032",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.9/SCOSA-2004.9.txt",
"name" : "SCOSA-2004.9",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107577418225627&w=2",
"name" : "20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A852",
"name" : "oval:org.mitre.oval:def:852",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A847",
"name" : "oval:org.mitre.oval:def:847",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10599",
"name" : "oval:org.mitre.oval:def:10599",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/350238/30/21640/threaded",
"name" : "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:tcpdump:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.8.0",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:9.0:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0990",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348366",
"name" : "20031226 Re: Reported Command Injection in Squirrelmail GPG",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9296",
"name" : "9296",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.bugtraq.org/advisories/_BSSADV-0001.txt",
"name" : "http://www.bugtraq.org/advisories/_BSSADV-0001.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107247236124180&w=2",
"name" : "20031224 Bugtraq Security Systems ADV-0001",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14079",
"name" : "squirrelmail-parseaddress-command-execution(14079)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the \"To:\" field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:squirrelmail:gpg_plugin:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:squirrelmail:squirrelmail:1.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0991",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html",
"name" : "[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release",
"refsource" : "MLIST",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-436",
"name" : "DSA-436",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-019.html",
"name" : "RHSA-2004:019",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9620",
"name" : "9620",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842",
"name" : "CLA-2004:842",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc",
"name" : "20040201-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013",
"name" : "MDKSA-2004:013",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15106",
"name" : "mailman-command-handler-dos(15106)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sgi:propack:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-03T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0992",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html",
"name" : "http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html",
"name" : "RHSA-2004:020",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842",
"name" : "CLA-2004:842",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013",
"name" : "MDKSA-2004:013",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A815",
"name" : "oval:org.mitre.oval:def:815",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:mailman:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.1.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0993",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.apacheweek.com/features/security-13",
"name" : "http://www.apacheweek.com/features/security-13",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9829",
"name" : "9829",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23850",
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23850",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200405-22.xml",
"name" : "GLSA-200405-22",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046",
"name" : "MDKSA-2004:046",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643",
"name" : "SSA:2004-133",
"refsource" : "SLACKWARE",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1",
"name" : "57628",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1",
"name" : "101555",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1",
"name" : "101841",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.trustix.org/errata/2004/0027",
"name" : "2004-0027",
"refsource" : "TRUSTIX",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=apache-cvs&m=107869603013722",
"name" : "[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108437852004207&w=2",
"name" : "20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670",
"name" : "oval:org.mitre.oval:def:4670",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111",
"name" : "oval:org.mitre.oval:def:100111",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15422",
"name" : "apache-modaccess-obtain-information(15422)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E",
"name" : "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.7:*:dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2021-06-06T11:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0994",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt",
"name" : "http://www.secnetops.biz/research/SRT2004-01-09-1022.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html",
"name" : "20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3428",
"name" : "3428",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107393473928245&w=2",
"name" : "20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2001:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2002:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2003:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:windows_liveupdate:1.70.x:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2001:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_system_works:2001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:v3.0:*:handhelds:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:windows_liveupdate:1.90.x:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2003:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2004:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2004:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-03T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0995",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13131",
"name" : "win2k-message-queue-bo(13131)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-039",
"name" : "MS03-039",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0996",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.ca.com/techbases/rp/urc6x-secnote.html",
"name" : "http://support.ca.com/techbases/rp/urc6x-secnote.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secunia.com/advisories/10420/",
"name" : "10420",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown \"System Security Vulnerability\" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_host:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2021-04-13T20:13Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0997",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.ca.com/techbases/rp/urc6x-secnote.html",
"name" : "http://support.ca.com/techbases/rp/urc6x-secnote.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secunia.com/advisories/10420/",
"name" : "10420",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown \"Denial of Service Attack\" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_host:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2021-04-13T20:13Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0998",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.ca.com/techbases/rp/urc5x-secnote.html",
"name" : "http://support.ca.com/techbases/rp/urc5x-secnote.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secunia.com/advisories/10420/",
"name" : "10420",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown \"potential system security vulnerability\" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_option:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ca:unicenter_remote_control_option:5.1:*:*:de:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ca:controlit:5.0:*:advanced:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ca:controlit:5.0:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ca:controlit:5.1:*:enterprise:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:broadcom:unicenter_remote_control_option:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2021-04-13T20:13Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-0999",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57451",
"name" : "57451",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4098",
"name" : "oval:org.mitre.oval:def:4098",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1000",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html",
"name" : "http://mail.nl.linux.org/xchat-announce/2003-12/msg00000.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107152093419276&w=2",
"name" : "20031214 GLSA: Malformed dcc send requests in xchat-2.0.6 lead to a denial of service",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xchat:xchat:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2016-10-18T02:38Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1001",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml",
"name" : "20031215 Cisco FWSM Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:5.4\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:7.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:7.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1002",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml",
"name" : "20031215 Cisco FWSM Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:7.5\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:7.6\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-1:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:firewall_services_module:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:2.2\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:catos:5.4\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_6500_ws-x6380-nam:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-svc-nam-2:3.1\\(1a\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:catalyst_7600_ws-x6380-nam:2.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1003",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml",
"name" : "20031215 Cisco PIX Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4.206\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(5\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.1\\(4\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(4.101\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(9\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(4\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.3\\(3.102\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1004",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-pix.shtml",
"name" : "20031215 Cisco PIX Vulnerabilities",
"refsource" : "CISCO",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:pix_firewall:6.2.2_.111:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(3.100\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1005",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html",
"name" : "APPLE-SA-2003-12-19",
"refsource" : "APPLE",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3704",
"name" : "ESB-2003.0867",
"refsource" : "AUSCERT",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10474/",
"name" : "10474",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/9266",
"name" : "9266",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1006",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/347578",
"name" : "20031215 Buffer overflow/privilege escalation in MacOS X",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9228",
"name" : "9228",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/878526",
"name" : "VU#878526",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/347707",
"name" : "20031216 Re: Buffer overflow/privilege escalation in MacOS X",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/348097",
"name" : "20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13995",
"name" : "macos-cd9660-bo(13995)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1007",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9264",
"name" : "9264",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008532",
"name" : "1008532",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14051",
"name" : "applefileserver-dos(14051)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1008",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14195",
"name" : "macos-screen-saver-bypass(14195)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users to bypass the screen saver login window and write a text clipping to the desktop or another application."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1009",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9110",
"name" : "9110",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.carrel.org/dhcp-vuln.html",
"name" : "http://www.carrel.org/dhcp-vuln.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://docs.info.apple.com/article.html?artnum=32478",
"name" : "http://docs.info.apple.com/article.html?artnum=32478",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13874",
"name" : "macos-dhcp-gain-privileges(13874)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1010",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9265",
"name" : "9265",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14193",
"name" : "macos-fsusage-gain-privileges(14193)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Mac OS X Server 10.2.8 and 10.3.2 allows local users to gain privileges via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1011",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://docs.info.apple.com/article.html?artnum=61798",
"name" : "http://docs.info.apple.com/article.html?artnum=61798",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8945",
"name" : "8945",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343087",
"name" : "20031031 Console Root On OSX up to 10.2.8",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13573",
"name" : "macos-ctrlc-gain-access(13573)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1012",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-407",
"name" : "DSA-407",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-001.html",
"name" : "RHSA-2004:001",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-002.html",
"name" : "RHSA-2004:002",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
"name" : "20040103-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801",
"name" : "CLA-2004:801",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:002",
"name" : "MDKSA-2004:002",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10531",
"name" : "10531",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10568",
"name" : "10568",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10570",
"name" : "10570",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A856",
"name" : "oval:org.mitre.oval:def:856",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10202",
"name" : "oval:org.mitre.oval:def:10202",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The SMB dissector in Ethereal before 0.10.0 allows remote attackers to cause a denial of service via a malformed SMB packet that triggers a segmentation fault during processing of Selected packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1013",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html",
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00012.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-001.html",
"name" : "RHSA-2004:001",
"refsource" : "REDHAT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2003/dsa-407",
"name" : "DSA-407",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-002.html",
"name" : "RHSA-2004:002",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc",
"name" : "20040103-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000801",
"name" : "CLA-2004:801",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:002",
"name" : "MDKSA-2004:002",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10531",
"name" : "10531",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10568",
"name" : "10568",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10570",
"name" : "10570",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A857",
"name" : "oval:org.mitre.oval:def:857",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10097",
"name" : "oval:org.mitre.oval:def:10097",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ethereal_group:ethereal:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1014",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm",
"name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109517732328759&w=2",
"name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17333",
"name" : "mime-field-filtering-bypass(17333)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1015",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm",
"name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109525252118936&w=2",
"name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field whitespace issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9273",
"name" : "mime-tools-incorrect-concatenation(9273)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1016",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm",
"name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109521027007616&w=2",
"name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field quoting issue",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17336",
"name" : "mime-quote-filtering-bypass(17336)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:f-secure:internet_gatekeeper:6.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.3.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:paul_l_daniels:ripmime:1.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-10-20T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1017",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html",
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb03-08.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8900",
"name" : "8900",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14013",
"name" : "flash-file-predictable-location(14013)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a predictable location that is accessible to web browsers such as Internet Explorer and Opera, which allows remote attackers to read restricted files via vulnerabilities in web browsers whose exploits rely on predictable names."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:5.0_r50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:4.0_r12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.79.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:director:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.47.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.65.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.29.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:flash_player:6.0.40.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1018",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9254",
"name" : "9254",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-20",
"name" : "MSS-OAR-E01-20",
"refsource" : "IBM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14037",
"name" : "aix-enq-format-string(14037)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1020",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/347218",
"name" : "20031211 irssi - potential remote crash",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:117",
"name" : "MDKSA-2003:117",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13973",
"name" : "irssi-dos(13973)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:irssi:irssi:0.8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.1:*:ppc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-05T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1021",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.5/SCOSA-2005.5.txt",
"name" : "SCOSA-2005.5",
"refsource" : "SCO",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/972598",
"name" : "VU#972598",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/12372",
"name" : "12372",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/14012/",
"name" : "14012",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19479",
"name" : "openserver-scosession-gain-privilege(19479)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sco:openserver:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2005-01-26T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1022",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-416",
"name" : "DSA-416",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9377",
"name" : "9377",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-048.shtml",
"name" : "O-048",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3346",
"name" : "3346",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14154",
"name" : "fspsuite-dot-directory-traversal(14154)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:debian:fsp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.81.b18",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2017-10-10T01:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1023",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8658",
"name" : "8658",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200403-09.xml",
"name" : "GLSA-200403-09",
"refsource" : "GENTOO",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.debian.org/security/2004/dsa-424",
"name" : "DSA-424",
"refsource" : "DEBIAN",
"tags" : [ ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-034.html",
"name" : "RHSA-2004:034",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-035.html",
"name" : "RHSA-2004:035",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc",
"name" : "20040201-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000833",
"name" : "CLA-2004:833",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/09/msg00309.html",
"name" : "20030919 uninitialized buffer in midnight commander",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-014.0.txt",
"name" : "CSSA-2004-014.0",
"refsource" : "CALDERA",
"tags" : [ ]
}, {
"url" : "http://fedoranews.org/updates/FEDORA-2004-058.shtml",
"name" : "FEDORA-2004-058",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2004-May/msg00002.html",
"name" : "FLSA:1224",
"refsource" : "FEDORA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:007",
"name" : "MDKSA-2004:007",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc",
"name" : "20040202-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10645",
"name" : "10645",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10685",
"name" : "10685",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10716",
"name" : "10716",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10772",
"name" : "10772",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10823",
"name" : "10823",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11219",
"name" : "11219",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11262",
"name" : "11262",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11268",
"name" : "11268",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9833",
"name" : "9833",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11296",
"name" : "11296",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108118433222764&w=2",
"name" : "20040405 [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13247",
"name" : "midnight-commander-vfssresolvesymlink-bo(13247)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A822",
"name" : "oval:org.mitre.oval:def:822",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:midnight_commander:midnight_commander:4.5.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:midnight_commander:midnight_commander:4.5.55:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:midnight_commander:midnight_commander:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1024",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57455",
"name" : "57455",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9280",
"name" : "9280",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/281356",
"name" : "VU#281356",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/10486",
"name" : "10486",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14065",
"name" : "solaris-lsf-gain-privileges(14065)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1528",
"name" : "oval:org.mitre.oval:def:1528",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1025",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/346948",
"name" : "20031209 Internet Explorer URL parsing vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.zapthedingbat.com/security/ex01/vun1.htm",
"name" : "http://www.zapthedingbat.com/security/ex01/vun1.htm",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/652278",
"name" : "VU#652278",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html",
"name" : "TA04-033A",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13935",
"name" : "ie-domain-url-spoofing(13935)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A526",
"name" : "oval:org.mitre.oval:def:526",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A513",
"name" : "oval:org.mitre.oval:def:513",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A512",
"name" : "oval:org.mitre.oval:def:512",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A511",
"name" : "oval:org.mitre.oval:def:511",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A510",
"name" : "oval:org.mitre.oval:def:510",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A491",
"name" : "oval:org.mitre.oval:def:491",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A490",
"name" : "oval:org.mitre.oval:def:490",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004",
"name" : "MS04-004",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a \"%01\" character before an @ sign in the user@domain portion of the URL, which hides the rest of the URL, including the real site, in the address bar, aka the \"Improper URL Canonicalization Vulnerability.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1026",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/784102",
"name" : "VU#784102",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/BackToFramedJpu",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html",
"name" : "TA04-033A",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2",
"name" : "20031201 Comments on 5 IE vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106979349517578&w=2",
"name" : "20031125 BackToFramedJpu - a successor of BackToJpu attack",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13846",
"name" : "ie-subframe-xss(13846)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A805",
"name" : "oval:org.mitre.oval:def:805",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A774",
"name" : "oval:org.mitre.oval:def:774",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A745",
"name" : "oval:org.mitre.oval:def:745",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A689",
"name" : "oval:org.mitre.oval:def:689",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A687",
"name" : "oval:org.mitre.oval:def:687",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A643",
"name" : "oval:org.mitre.oval:def:643",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A630",
"name" : "oval:org.mitre.oval:def:630",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004",
"name" : "MS04-004",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the \"Travel Log Cross Domain Vulnerability.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1027",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/413886",
"name" : "VU#413886",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/HijackClickV2",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-033A.html",
"name" : "TA04-033A",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securitytracker.com/id?1006036",
"name" : "1006036",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2",
"name" : "20031201 Comments on 5 IE vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106979479719446&w=2",
"name" : "20031125 HijackClickV2 - a successor of HijackClick attack",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13844",
"name" : "ie-method-perform-actions(13844)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A629",
"name" : "oval:org.mitre.oval:def:629",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A534",
"name" : "oval:org.mitre.oval:def:534",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A532",
"name" : "oval:org.mitre.oval:def:532",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A531",
"name" : "oval:org.mitre.oval:def:531",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A530",
"name" : "oval:org.mitre.oval:def:530",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A529",
"name" : "oval:org.mitre.oval:def:529",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A527",
"name" : "oval:org.mitre.oval:def:527",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-004",
"name" : "MS04-004",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the \"Function Pointer Drag and Drop Vulnerability.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1028",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008",
"name" : "http://www.safecenter.net/UMBRELLAWEBV4/threadid10008",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7890",
"name" : "7890",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106979428718705&w=2",
"name" : "20031125 Note for \"Invalid ContentType may disclose cache directory\"",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106979624321665&w=2",
"name" : "20031125 Invalid ContentType may disclose cache directory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107038202225587&w=2",
"name" : "20031201 Comments on 5 IE vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13847",
"name" : "ie-download-directory-disclosure(13847)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-01-20T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1029",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.debian.org/security/2004/dsa-425",
"name" : "DSA-425",
"refsource" : "DEBIAN",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:008",
"name" : "MDKSA-2004:008",
"refsource" : "MANDRAKE",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1008748",
"name" : "1008748",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10652",
"name" : "10652",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://lwn.net/Alerts/66805/",
"name" : "ESA-20040119-002",
"refsource" : "ENGARDE",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10668",
"name" : "10668",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10636",
"name" : "10636",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10718",
"name" : "10718",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107213553214985&w=2",
"name" : "20031221 Re: Remote crash in tcpdump from OpenBSD",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=tcpdump-workers&m=107228187124962&w=2",
"name" : "[tcpdump-workers] 20031224 Seg fault of tcpdump (v 3.8.1 and below) with malformed l2tp packets",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107193841728533&w=2",
"name" : "20031220 Remote crash in tcpdump from OpenBSD",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/350238/30/21640/threaded",
"name" : "20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lbl:tcpdump:3.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1030",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9213",
"name" : "9213",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/909678",
"name" : "VU#909678",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://sh0dan.org/files/dwmrcs372.txt",
"name" : "http://sh0dan.org/files/dwmrcs372.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107187110617266&w=2",
"name" : "20031219 [Exploit]: DameWare Mini Remote Control Server Overflow Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107152094119279&w=2",
"name" : "20031214 DameWare Mini Remote Control Server <= 3.72 Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107392603615840&w=2",
"name" : "20040110 DameWare Mini Remote Control < v3.73 remote exploit by kralor]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14001",
"name" : "dameware-spoof-packet-bo(14001)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dameware_development:mini_remote_control_server:3.70_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dameware_development:mini_remote_control_server:3.71_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dameware_development:mini_remote_control_server:3.72_.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1031",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0078.html",
"name" : "20030808 VBulletin New Member XSS Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) \"Interests-Hobbies\", (2) \"Biography\", or (3) \"Occupation.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:jelsoft:vbulletin:3.0_beta_2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1032",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7787",
"name" : "7787",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1006913",
"name" : "1006913",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105484265218325&w=2",
"name" : "20030605 Re: Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105465813729100&w=2",
"name" : "20030602 Tripbit Advisory TA-2003-05 Buffer Overflow Vulnerability in Pi3 Web",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the \"Name\" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pi3:pi3web:2.0.2_beta_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-17T05:00Z",
"lastModifiedDate" : "2016-12-20T02:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1033",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7407",
"name" : "7407",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://listserv.sap.com/pipermail/sapdb.sources/2003-April/000143.html",
"name" : "[SAP DB Dev] 20030422 Security Alert: Development Tools",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7408",
"name" : "7408",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105103613727471&w=2",
"name" : "20030422 SRT2003-04-22-1336 - SAP DB Development Tools install flaw",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11842",
"name" : "sap-db-gain-privileges(11842)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1034",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7242",
"name" : "7242",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104914778303805&w=2",
"name" : "20030331 SRT2003-03-31-1219 - SAP world writable server binaries",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11669",
"name" : "sap-db-world-writable(11669)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.3.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sap:sap_db:7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1035",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7007",
"name" : "7007",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004039.html",
"name" : "20030304 SAP R/3, account locking and RFC SDK",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11487",
"name" : "sap-sapinfo-lockout-bypass(11487)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/451378/100/0/threaded",
"name" : "20061112 Old SAP exploits",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sapgui:4.6d:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sap_r_3:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:sapgui:4.6c:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1036",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14186",
"name" : "sap-multiple-bo(14186)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.6_pl463",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.10_pl30",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.20_pl7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1037",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1009453",
"name" : "1009453",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15514",
"name" : "sap-wgate-format-string(15514)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high \"trace level.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.10_pl30",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.20_pl7",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.6_pl463",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1038",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15516",
"name" : "sap-agate-path-disclosure(15516)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.6_pl463",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.10_pl30",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:internet_transaction_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.20_pl7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1039",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"name" : "http://www.phenoelit.de/stuff/Phenoelit20c3.pd",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15513",
"name" : "mysap-host-header-bo(15513)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sap:mysap_business_suite:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1040",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040204-01-U.asc",
"name" : "20040204-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://www.novell.com/linux/security/advisories/2003_049_kernel.html",
"name" : "SuSE-SA:2003:049",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-065.html",
"name" : "RHSA-2004:065",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-069.html",
"name" : "RHSA-2004:069",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-106.html",
"name" : "RHSA-2004:106",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html",
"name" : "RHSA-2004:188",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820",
"name" : "CLSA-2004:820",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15577",
"name" : "linux-kmod-signals-dos(15577)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9423",
"name" : "oval:org.mitre.oval:def:9423",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c",
"name" : "http://linux.bkbits.net:8080/linux-2.4/diffs/kernel/kmod.c@1.6?nav=index.html|src/|src/kernel|hist/kernel/kmod.c",
"refsource" : "CONFIRM",
"tags" : [ "Broken Link" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-04-15T04:00Z",
"lastModifiedDate" : "2018-08-13T21:47Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1041",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348521",
"name" : "20031230 IE 5.x-6.0 allows executing arbitrary programs using showHelp()",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9320",
"name" : "9320",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-196A.html",
"name" : "TA04-196A",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/187196",
"name" : "VU#187196",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14105",
"name" : "ie-showhelp-directory-traversal(14105)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A956",
"name" : "oval:org.mitre.oval:def:956",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3514",
"name" : "oval:org.mitre.oval:def:3514",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1943",
"name" : "oval:org.mitre.oval:def:1943",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1186",
"name" : "oval:org.mitre.oval:def:1186",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023",
"name" : "MS04-023",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing \"..\" (dot dot) sequences and a filename that ends in \"::\" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-06-14T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1042",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8953",
"name" : "8953",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774",
"name" : "CLA-2003:774",
"refsource" : "CONECTIVA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343185",
"name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=214290",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=214290",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13594",
"name" : "bugzilla-productname-sql-injection(13594)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1043",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8953",
"name" : "8953",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774",
"name" : "CLA-2003:774",
"refsource" : "CONECTIVA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343185",
"name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219044",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219044",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13596",
"name" : "bugzilla-url-sql-injection(13596)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1044",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8953",
"name" : "8953",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343185",
"name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219690",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=219690",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774",
"name" : "CLA-2003:774",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13597",
"name" : "bugzilla-groupid-gain-privileges(13597)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1045",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8953",
"name" : "8953",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209376",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343185",
"name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000774",
"name" : "CLA-2003:774",
"refsource" : "CONECTIVA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13600",
"name" : "bugzilla-obtain-information(13600)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1046",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8953",
"name" : "8953",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343185",
"name" : "20031103 [BUGZILLA] Security Advisory - SQL injection, information leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209742",
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=209742",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13602",
"name" : "bugzilla-describecomponents-obtain-info(13602)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.17.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.16.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:bugzilla:2.14.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-08-18T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1047",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0540. Reason: This candidate is a duplicate of CVE-2004-0540. Notes: All CVE users should reference CVE-2004-0540 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2004-08-06T04:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1048",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8530",
"name" : "8530",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/685364",
"name" : "VU#685364",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009445.html",
"name" : "20030902 New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009473.html",
"name" : "20040902 AW: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/009506.html",
"name" : "20040903 Re: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-212A.html",
"name" : "TA04-212A",
"refsource" : "CERT",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-191.shtml",
"name" : "O-191",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16804",
"name" : "ie-mshtml-gif-bo(16804)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A517",
"name" : "oval:org.mitre.oval:def:517",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A509",
"name" : "oval:org.mitre.oval:def:509",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A236",
"name" : "oval:org.mitre.oval:def:236",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A212",
"name" : "oval:org.mitre.oval:def:212",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2100",
"name" : "oval:org.mitre.oval:def:2100",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A206",
"name" : "oval:org.mitre.oval:def:206",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1793",
"name" : "oval:org.mitre.oval:def:1793",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-025",
"name" : "MS04-025",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2002:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-07-27T04:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1049",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only",
"name" : "IY44841",
"refsource" : "AIXAPAR",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9243",
"name" : "9243",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY44842&apar=only",
"name" : "IY44842",
"refsource" : "AIXAPAR",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14030",
"name" : "db2-dms-insecure-permissions(14030)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1050",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343804",
"name" : "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8990",
"name" : "8990",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt",
"name" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633",
"name" : "db2-multiple-binaries-bo(13633)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1051",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343804",
"name" : "20031108 SRT2003-11-06-0710 - IBM DB2 Multiple local security issues",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8989",
"name" : "8989",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt",
"name" : "http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13633",
"name" : "db2-multiple-binaries-bo(13633)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1052",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/331904",
"name" : "20030805 Slight privilege elevation from bin to root in IBM DB2 7.1 - 8.1 all binaries",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8346",
"name" : "8346",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12826",
"name" : "ibm-db2-gain-privileges(12826)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.1:*:aix:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:8.2:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:db2_universal_database:7.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-09-28T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1053",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=213957",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html",
"name" : "http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8770",
"name" : "8770",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8776",
"name" : "8776",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9950",
"name" : "9950",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13359",
"name" : "xshisen-xshisenlib-bo(13359)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13358",
"name" : "xshisen-kconv-bo(13358)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xshisen:xshisen:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-03T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1054",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004555.html",
"name" : "20030416 [VulnWatch] Apache mod_access_referer denial of service issue",
"refsource" : "FULLDISC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=151905",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=151905",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html",
"name" : "http://www.vuxml.org/freebsd/af747389-42ba-11d9-bd37-00065be4b5b6.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7375",
"name" : "7375",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8612",
"name" : "8612",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_access_referer 1.0.2 allows remote attackers to cause a denial of service (crash) via a malformed Referer header that is missing a hostname, as parsed by the ap_parse_uri_components function in Apache, which triggers a null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_access_referer:mod_access_referer:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-16T04:00Z",
"lastModifiedDate" : "2008-09-05T20:35Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1055",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52222-1",
"name" : "52222",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3224",
"name" : "ESB-2003.0461",
"refsource" : "AUSCERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-113.shtml",
"name" : "N-113",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7064",
"name" : "7064",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securitytracker.com/id?1006401",
"name" : "1006401",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11641",
"name" : "solaris-nssldapso1-bo(11641)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-03T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1056",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57443-1",
"name" : "57443",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3688",
"name" : "ESB-2003.0851",
"refsource" : "AUSCERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10411",
"name" : "10411",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9199",
"name" : "9199",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2955",
"name" : "2955",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13952",
"name" : "solaris-ed1-tmpfile-insecure(13952)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-11T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1057",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57441-1",
"name" : "57441",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3675",
"name" : "ESB-2003.0844",
"refsource" : "AUSCERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-035.shtml",
"name" : "O-035",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10384",
"name" : "10384",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2924",
"name" : "2924",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9170",
"name" : "9170",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13914",
"name" : "cde-dtprintinfo-gain-privileges(13914)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-08T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1058",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57419-1",
"name" : "57419",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-033.shtml",
"name" : "O-033",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2892",
"name" : "2892",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10346",
"name" : "10346",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9147",
"name" : "9147",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13890",
"name" : "solaris-xsun-gain-privileges(13890)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.7
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-03T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1059",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57360-1",
"name" : "57360",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-029.shtml",
"name" : "O-029",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9076",
"name" : "9076",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2839",
"name" : "2839",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10267",
"name" : "10267",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13792",
"name" : "solaris-pgx32-gain-privileges(13792)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-20T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1060",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1",
"name" : "57406",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8929",
"name" : "8929",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13547",
"name" : "solaris-nfs-ufs-dos(13547)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1061",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57080-1",
"name" : "57080",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8836",
"name" : "8836",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13434",
"name" : "solaris-race-dos(13434)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-14T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1062",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57340-1",
"name" : "57340",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8831",
"name" : "8831",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10006/",
"name" : "10006",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13435",
"name" : "solaris-sysinfo-read-memory(13435)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-15T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1063",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56300-1",
"name" : "56300",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-134.shtml",
"name" : "N-134",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8461",
"name" : "8461",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12942",
"name" : "solaris-cachefs-inetdconf-overwrite(12942)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-20T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1064",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55301-1",
"name" : "55301",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/370060",
"name" : "VU#370060",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8250",
"name" : "8250",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12680",
"name" : "solaris-ipv6-packet-dos(12680)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-23T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1065",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55340-1",
"name" : "55340",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8253",
"name" : "8253",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19441",
"name" : "openssh-ldap-dos(19441)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19437",
"name" : "automountd-dos(19437)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in patches 108993-14 through 108993-19 and 108994-14 through 108994-19 for Solaris 8 may allow local users to cause a denial of service (automountd crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-07-23T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1066",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/324015",
"name" : "20030604 Solaris syslogd overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55440-1",
"name" : "55440",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7820",
"name" : "7820",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8944/",
"name" : "8944",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12194",
"name" : "sun-syslogd-bo(12194)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1067",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55420-1",
"name" : "55420",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-108.shtml",
"name" : "N-108",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7991",
"name" : "7991",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9088/",
"name" : "9088",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/64758",
"name" : "64758",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12379",
"name" : "sun-database-functions-bo(12379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-19T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1068",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55260-1",
"name" : "55260",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8957/",
"name" : "8957",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-105.shtml",
"name" : "N-105",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7835",
"name" : "7835",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11083",
"name" : "solaris-utmp-update-bo(11083)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-06T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1069",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54181-1",
"name" : "54181",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7794",
"name" : "7794",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8935/",
"name" : "8935",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12140",
"name" : "sun-intelnetd-dos(12140)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-03T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1070",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50922-1",
"name" : "50922",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7455",
"name" : "7455",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8685/",
"name" : "8685",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11906",
"name" : "sun-rpcbind-dos(11906)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-28T04:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1071",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305105",
"name" : "20030103 Solaris 2.x /usr/sbin/wall Advisory",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51980-1",
"name" : "51980",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/944241",
"name" : "VU#944241",
"refsource" : "CERT-VN",
"tags" : [ "Exploit", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/7825/",
"name" : "7825",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6509",
"name" : "6509",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005882",
"name" : "1005882",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006682",
"name" : "1006682",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11608",
"name" : "solaris-wall-message-spoofing(11608)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-03T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1072",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-54100-1",
"name" : "54100",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8686/",
"name" : "8686",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7454",
"name" : "7454",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11895",
"name" : "sun-lofiadm-dos(11895)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-04-28T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1073",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50161-1",
"name" : "50161",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/7960/",
"name" : "7960",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/308577",
"name" : "20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0044.html",
"name" : "20030127 Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://isec.pl/vulnerabilities/isec-0008-sun-at.txt",
"name" : "http://isec.pl/vulnerabilities/isec-0008-sun-at.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-070.shtml",
"name" : "N-070",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6692",
"name" : "6692",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6693",
"name" : "6693",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005994",
"name" : "1005994",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11180",
"name" : "solaris-at-race-condition(11180)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11179",
"name" : "solaris-at-directory-traversal(11179)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1074",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52111-1",
"name" : "52111",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-069.shtml",
"name" : "N-069",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8454/",
"name" : "8454",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7252",
"name" : "7252",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006411",
"name" : "1006411",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11657",
"name" : "solaris-newtask-root-access(11657)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in newtask for Solaris 9 allows local users to gain root privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-28T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1075",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50240-1",
"name" : "50240",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/7968/",
"name" : "7968",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6709",
"name" : "6709",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005996",
"name" : "1005996",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11186",
"name" : "solaris-ftpd-dos(11186)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-01-27T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1076",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50904-1",
"name" : "50904",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-050.shtml",
"name" : "N-050",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8235/",
"name" : "8235",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7033",
"name" : "7033",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006234",
"name" : "1006234",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11496",
"name" : "solaris-sendmail-forward-privileges(11496)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1077",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1",
"name" : "51300",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8234/",
"name" : "8234",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7032",
"name" : "7032",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006233",
"name" : "1006233",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11481",
"name" : "solaris-ufs-logging-dos(11481)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-05T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1078",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51081-1",
"name" : "51081",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8186/",
"name" : "8186",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6989",
"name" : "6989",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006195",
"name" : "1006195",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11436",
"name" : "solaris-ftp-plaintext-password(11436)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-28T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1079",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1",
"name" : "50626",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8092/",
"name" : "8092",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6883",
"name" : "6883",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006131",
"name" : "1006131",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11368",
"name" : "solaris-udp-rpc-dos(11368)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-18T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1080",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50751-1",
"name" : "50751",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8058/",
"name" : "8058",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6838",
"name" : "6838",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006084",
"name" : "1006084",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11303",
"name" : "solaris-mail-unauthorized-access(11303)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in mail for Solaris 2.6 through 9 allows local users to read the email of other users."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 1.2
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-11T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1081",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-46903-1",
"name" : "46903",
"refsource" : "SUNALERT",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3411&cid=1",
"name" : "ESB-2003.0621",
"refsource" : "AUSCERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/464817",
"name" : "VU#464817",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-001.shtml",
"name" : "O-001",
"refsource" : "CIAC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/5698",
"name" : "5698",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10105",
"name" : "solaris-aspppls-tmpfile-symlink(10105)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-09-09T04:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1082",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50008-1",
"name" : "50008",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/596748",
"name" : "VU#596748",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-105.shtml",
"name" : "N-105",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6639",
"name" : "6639",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7892",
"name" : "7892",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005935",
"name" : "1005935",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11083",
"name" : "solaris-utmp-update-bo(11083)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:x86:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1083",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/345417",
"name" : "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.tildeslash.com/monit/dist/CHANGES.txt",
"name" : "http://www.tildeslash.com/monit/dist/CHANGES.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200403-14.xml",
"name" : "GLSA-200403-14",
"refsource" : "GENTOO",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/623854",
"name" : "VU#623854",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/9099",
"name" : "9099",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10280",
"name" : "10280",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13817",
"name" : "monit-http-bo(13817)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attackers to execute arbitrary code via a long HTTP request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1084",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/345417",
"name" : "20031124 Monit 4.1 HTTP interface multiple security vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.tildeslash.com/monit/dist/CHANGES.txt",
"name" : "http://www.tildeslash.com/monit/dist/CHANGES.txt",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200403-14.xml",
"name" : "GLSA-200403-14",
"refsource" : "GENTOO",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/206382",
"name" : "VU#206382",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/9098",
"name" : "9098",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10280",
"name" : "10280",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13818",
"name" : "monit-negative-content-dos(13818)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Monit 1.4 to 4.1 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request with a negative Content-Length field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tildeslash:monit:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-24T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1085",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/345414",
"name" : "20031123 Thomnson TCM315 Denial of service",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.shellsec.net/leer_advisory.php?id=2",
"name" : "http://www.shellsec.net/leer_advisory.php?id=2",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014062.html",
"name" : "20031123 Thomnson TCM315 Denial of service",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014068.html",
"name" : "20031124 Thomnson TCM315 Denial of service",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9091",
"name" : "9091",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10286",
"name" : "10286",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/14353",
"name" : "14353",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=110888093214678&w=2",
"name" : "20050219 Re: [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=full-disclosure&m=110880725322192&w=2",
"name" : "20050219 Thomson TCW690 Denial Of Service Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13815",
"name" : "thomson-http-get-dos(13815)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:h:thomson:tcm_cable_modem:305:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:h:thomson:tcm_cable_modem:315:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:h:thomson:tcw_cable_modem:690:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:h:thomson:tcw_cable_modem:690_st42.03.0a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1086",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C",
"name" : "http://www.pmachine.com/forum/threads.php?id=7274_0_13_0_C",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105638414205498&w=2",
"name" : "20030623 pMachine (PHP) : Include() Security Hole",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pmachine:pmachine_pro:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pmachine:pmachine_pro:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pmachine:pmachine_free:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-17T04:00Z",
"lastModifiedDate" : "2016-10-18T02:39Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1087",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7827",
"name" : "7827",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8971",
"name" : "8971",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=109292319608851&w=2",
"name" : "SSRT3460",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12199",
"name" : "hp-diagmond-dos(12199)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1088",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://securitytracker.com/id?1013365",
"name" : "1013365",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8388",
"name" : "8388",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9497",
"name" : "9497",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106063199925536&w=2",
"name" : "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12867",
"name" : "zorum-index-xss(12867)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-11T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1089",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://securitytracker.com/id?1013365",
"name" : "1013365",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8396",
"name" : "8396",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106063199925536&w=2",
"name" : "20030811 ZH2003-22SA (security advisory): Zorum XSS Vulnerability and Path Disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12868",
"name" : "zorum-index-path-disclosure(12868)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "index.php for Zorum 3.4 allows remote attackers to determine the full path of the web root via invalid parameter names, which reveals the path in a PHP error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpoutsourcing:zorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1090",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/666073",
"name" : "VU#666073",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6785",
"name" : "6785",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/16024",
"name" : "16024",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104454984001076&w=2",
"name" : "20030206 AbsoluteTelnet 2.00 buffer overflow.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11265",
"name" : "absolutetelnet-title-bar-bo(11265)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attackers to execute arbitrary code via a long window title."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:celestial_software:absolutetelnet:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:celestial_software:absolutetelnet:2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-06T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1091",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0245.html",
"name" : "20030522 QuickTime/Darwin Streaming Server security issues",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/148564",
"name" : "VU#148564",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource", "Third Party Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1006822",
"name" : "1006822",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7660",
"name" : "7660",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12054",
"name" : "darwin-mp3broadcaster-code-execution(12054)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_broadcaster:4.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1092",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313847",
"name" : "OpenPKG-SA-2003.017",
"refsource" : "OPENPKG",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/100937",
"name" : "VU#100937",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7009",
"name" : "7009",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11488",
"name" : "file-afctr-memory-allocation(11488)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the \"Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to \"a memory allocation problem,\" has unknown impact."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:christos_zoulas:file_1:3.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1093",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-24.jsp",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/331937",
"name" : "VU#331937",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6586",
"name" : "6586",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11057",
"name" : "weblogic-error-password-disclosure(11057)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a JMS target domain that is inaccessible, may leak the user's password when it throws a ResourceAllocationException."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1094",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-35.jsp",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/999788",
"name" : "VU#999788",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8320",
"name" : "8320",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12799",
"name" : "weblogic-gain-privileges(12799)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server and Express version 7.0 SP3 may follow certain code execution paths that result in an incorrect current user, such as in the frequent use of JNDI initial contexts, which could allow remote authenticated users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1095",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp",
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-27.jsp",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/691153",
"name" : "VU#691153",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7130",
"name" : "7130",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11555",
"name" : "weblogic-app-reauthentication-bypass(11555)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using \"memory\" session persistence for web applications, does not clear authentication information when a web application is redeployed, which could allow users of that application to gain access without having to re-authenticate."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1096",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sn-20030802-leap.shtml",
"name" : "20030803 Dictionary Attack on Cisco LEAP Vulnerability",
"refsource" : "CISCO",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/340365",
"name" : "20031006 Weaknesses in LEAP Challenge/Response",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/340119",
"name" : "20031003 Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/473108",
"name" : "VU#473108",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8755",
"name" : "8755",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/15209",
"name" : "15209",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=108135227731965&w=2",
"name" : "20040407 Release of Cisco Attack tool Asleap",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12804",
"name" : "cisco-leap-dictionary(12804)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cisco:leap:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1097",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0374.html",
"name" : "20030429 HPUX rexec buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/CRDY-5MJKM4",
"name" : "HPSBUX0304-257",
"refsource" : "HP",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/322540",
"name" : "VU#322540",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-088.shtml",
"name" : "N-088",
"refsource" : "CIAC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7459",
"name" : "7459",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11890",
"name" : "hp-rexec-command-bo(11890)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5611",
"name" : "oval:org.mitre.oval:def:5611",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when setuid root, may allow local users to gain privileges via a long -l option."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1098",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/IAFY-5HVQDJ",
"name" : "HPSBUX0301-238",
"refsource" : "HP",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/862401",
"name" : "VU#862401",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6638",
"name" : "6638",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securitytracker.com/id?1005936",
"name" : "1005936",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11094",
"name" : "hp-xserver-gain-privileges(11094)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5765",
"name" : "oval:org.mitre.oval:def:5765",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1099",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/CRDY-5VFQA3",
"name" : "HPSBUX0312-304",
"refsource" : "HP",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/509454",
"name" : "VU#509454",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-032.shtml",
"name" : "O-032",
"refsource" : "CIAC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/9141",
"name" : "9141",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10339",
"name" : "10339",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13882",
"name" : "hp-shar-tmpfile-symlink(13882)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788",
"name" : "oval:org.mitre.oval:def:5788",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1100",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.procheckup.com/security_info/vuln_pr0305.html",
"name" : "http://www.procheckup.com/security_info/vuln_pr0305.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/488684",
"name" : "VU#488684",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8815",
"name" : "8815",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9985",
"name" : "9985",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13399",
"name" : "hummingbird-docsfusionserver-multiple-xss(13399)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1101",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.procheckup.com/security_info/vuln_pr0303.html",
"name" : "http://www.procheckup.com/security_info/vuln_pr0303.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/715548",
"name" : "VU#715548",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8816",
"name" : "8816",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9985",
"name" : "9985",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13398",
"name" : "Hummingbird-docsfusionserver-disclose-path(13398)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1102",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.procheckup.com/security_info/vuln_pr0302.html",
"name" : "http://www.procheckup.com/security_info/vuln_pr0302.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/989580",
"name" : "VU#989580",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9985",
"name" : "9985",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13397",
"name" : "Hummingbird-docsfusionserver-file-access(13397)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1103",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.procheckup.com/security_info/vuln_pr0304.html",
"name" : "http://www.procheckup.com/security_info/vuln_pr0304.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/368300",
"name" : "VU#368300",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/8800",
"name" : "8800",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9985",
"name" : "9985",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13401",
"name" : "hummingbird-docsfusionserver-sql-injection(13401)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hummingbird:cyberdocs:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1104",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0307.html",
"name" : "20030320 IBM Tivoli Firewall Security Toolbox buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/210937",
"name" : "VU#210937",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7154",
"name" : "7154",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8349",
"name" : "8349",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11584",
"name" : "tivoli-tfst-relay-bo(11584)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_firewall_toolbox:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1105",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/813208",
"name" : "VU#813208",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029",
"name" : "ie-input-type-dos(13029)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032",
"name" : "MS03-032",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.01:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1106",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.microsoft.com/default.aspx?kbid=330716",
"name" : "330716",
"refsource" : "MSKB",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/155252",
"name" : "VU#155252",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource", "Third Party Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8195",
"name" : "8195",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1107",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.microsoft.com/default.aspx?scid=kb;en-us;828026",
"name" : "828026",
"refsource" : "MSKB",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/222044",
"name" : "VU#222044",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13375",
"name" : "mediaplayer-dhtml-code-execution(13375)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:windows_media_player:9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1108",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5831",
"name" : "oval:org.mitre.oval:def:5831",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alcatel-lucent:omnipcx:5.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1109",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030221-protos.shtml",
"name" : "20030221 Multiple Product Vulnerabilities Found by PROTOS SIP Test Suite",
"refsource" : "CISCO",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securitytracker.com/id?1006143",
"name" : "1006143",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006144",
"name" : "1006144",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006145",
"name" : "1006145",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xs1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xu2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xm:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xt3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xn:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xd:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xq:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xe:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xa1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xr:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xb:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)t4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xw:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(1\\)xd4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xh:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xk:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xc:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xj:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xk2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(11\\)t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xi:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xa:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2\\(2\\)xg:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2xt:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1.200\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:ip_phone_7940:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.1\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.2\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(6\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0\\(2\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.3\\(3\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(3.210\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(5\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:pix_firewall_software:5.2\\(7\\):*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1110",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html",
"name" : "http://www.cs.columbia.edu/~xiaotaow/sipc/ouspg.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1006167",
"name" : "1006167",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in Columbia SIP User Agent (sipc) 1.74 and other versions before sipc 2.0 build 2003-02-21 allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:columbia_university:sipc:1.74:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1111",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php",
"name" : "http://www.dynamicsoft.com/support/advisory/ca-2003-06.php",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in multiple dynamicsoft products including y and certain demo products for AppEngine allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dynamicsoft:appengine:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1112",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:ingate:ingate_firewall:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:ingate:ingate_siparator:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1113",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iptel.org/ser/security/",
"name" : "http://www.iptel.org/ser/security/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in IPTel SIP Express Router 0.8.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:iptel:sip_express_router:0.8.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:iptel:sip_express_router:0.8.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1114",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:mediatrix_telecom:voip_access_devices_and_gateways:sipv2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1115",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.cert.org/advisories/CA-2003-06.html",
"name" : "CA-2003-06",
"refsource" : "CERT",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/528719",
"name" : "VU#528719",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/6904",
"name" : "6904",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379",
"name" : "sip-invite(11379)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:nortel:succession_communication_server_2000:*:*:compact:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:nortel:succession_communication_server_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1116",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm",
"name" : "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/168873",
"name" : "VU#168873",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1006550",
"name" : "1006550",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7325",
"name" : "7325",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105012832418415&w=2",
"name" : "20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11768",
"name" : "oracle-rra-authentication-bypass(11768)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:10.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:e-business_suite:11.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1117",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://service.real.com/help/faq/security/bufferoverflow.html",
"name" : "http://service.real.com/help/faq/security/bufferoverflow.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/143627",
"name" : "VU#143627",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/912219",
"name" : "VU#912219",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1003604",
"name" : "1003604",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11362",
"name" : "realsystem-malformed-url-bo(11362)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_server:7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_server:8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_proxy:8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realsystem_server:6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1118",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004383.html",
"name" : "20030406 Seti@home information leakage and remote compromise",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/146785",
"name" : "VU#146785",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7292",
"name" : "7292",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11731",
"name" : "seti@home-newline-bo(11731)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \\n (newline) character."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:university_of_california:seti_at_home:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1119",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ssh.com/company/newsroom/article/476/",
"name" : "http://www.ssh.com/company/newsroom/article/476/",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/333980",
"name" : "VU#333980",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ssh:secure_shell:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ssh:secure_shell:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1120",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ssh.com/company/newsroom/article/520/",
"name" : "http://www.ssh.com/company/newsroom/article/520/",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/814198",
"name" : "VU#814198",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/9956",
"name" : "9956",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/alerts/2004/Mar/1009532.html",
"name" : "1009532",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/11193",
"name" : "11193",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=4491",
"name" : "4491",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585",
"name" : "sshtectiaserver-passwdplugin-race-condition(15585)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ssh:tectia_server:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ssh:tectia_server:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.7
},
"severity" : "LOW",
"exploitabilityScore" : 1.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1121",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQRP",
"name" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQRP",
"refsource" : "CONFIRM",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQSV",
"name" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQSV",
"refsource" : "CONFIRM",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/609137",
"name" : "VU#609137",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/231705",
"name" : "VU#231705",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7475",
"name" : "7475",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7477",
"name" : "7477",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11921",
"name" : "scriptlogic-runadmin-admin-access(11921)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11920",
"name" : "scriptlogic-rpc-modify-registry(11920)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:scriptlogic:scriptlogic:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1122",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQT9",
"name" : "http://www.kb.cert.org/vuls/id/CRDY-5EXQT9",
"refsource" : "MISC",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/813737",
"name" : "VU#813737",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7476",
"name" : "7476",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11922",
"name" : "scriptlogic-logs$-insecure-permissions(11922)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:scriptlogic:scriptlogic:4.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1123",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55100-1",
"name" : "55100",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/393292",
"name" : "VU#393292",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://securitytracker.com/id?1006935",
"name" : "1006935",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7824",
"name" : "7824",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8958",
"name" : "8958",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12189",
"name" : "sun-applet-access-information(12189)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_10:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_11:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_04:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:update10:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:update10:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_11:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_11:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_01:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_01:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_01:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:update10:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_003:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_12:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_10:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.2.2_10:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_011:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_011:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update4:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update4:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_011:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update4:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.2.2_012:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1124",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/758932",
"name" : "VU#758932",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-55141-1",
"name" : "55141",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7960",
"name" : "7960",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9073",
"name" : "9073",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12343",
"name" : "sunmc-files-writable-permissions(12343)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:management\\+center:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:management\\+center:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:management\\+center:3.0_revenue_release:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1125",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52102-1",
"name" : "52102",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/195644",
"name" : "VU#195644",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_directory_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1126",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-56180-1",
"name" : "56180",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/636964",
"name" : "VU#636964",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://secunia.com/advisories/9541",
"name" : "9541",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1127",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.procheckup.com/security_info/vuln_pr0307.html",
"name" : "http://www.procheckup.com/security_info/vuln_pr0307.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/371470",
"name" : "VU#371470",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/9431",
"name" : "9431",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14869",
"name" : "egap-url-information-disclosure(14869)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:whale_communications:e-gap:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1128",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.x2studios.com/index.php?page=kb&id=16",
"name" : "http://www.x2studios.com/index.php?page=kb&id=16",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/583020",
"name" : "VU#583020",
"refsource" : "CERT-VN",
"tags" : [ "Exploit", "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7534",
"name" : "7534",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8775",
"name" : "8775",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12139",
"name" : "xmms-remote-command-execution(12139)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:x2_studios:xmms_remote:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1129",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://help.yahoo.com/help/us/mesg/use/use-45.html",
"name" : "http://help.yahoo.com/help/us/mesg/use/use-45.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/323439",
"name" : "20030530 Yahoo! Security Advisory: Yahoo! Voice Chat",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/272644",
"name" : "VU#272644",
"refsource" : "CERT-VN",
"tags" : [ "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.securityfocus.com/bid/7561",
"name" : "7561",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8924",
"name" : "8924",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12130",
"name" : "yahoo-audio-bo(12130)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:yahoo:audio_conferencing_activex_control:1.0.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1130",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1131",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348359",
"name" : "20031224 Remote Code Execution in Knowledge Builder.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/9292",
"name" : "9292",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10504",
"name" : "10504",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3228",
"name" : "3228",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=111066494323543&w=2",
"name" : "20050312 KnowledgeBase",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14078",
"name" : "knowledgebuilder-indexphp-file-include(14078)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:2.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:activecampaign:knowledgebuilder:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1132",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030430-dns.shtml",
"name" : "20041008 Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability",
"refsource" : "CISCO",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/714121",
"name" : "VU#714121",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or \"Name Error\") instead of response code 0 (\"No Error\"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:content_services_switch_11000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:cisco:content_services_switch_11500:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1133",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342485",
"name" : "20031025 Some serious security holes in 'The Bat!'",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8891",
"name" : "8891",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008004",
"name" : "1008004",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13527",
"name" : "thebat-access-email(13527)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.029:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.031:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.043:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.49:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.032:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.51:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.028:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.039:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.035:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.42f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.011:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.041:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.101:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.015:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.036:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.53d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ritlabs:the_bat:1.037:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1134",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012773.html",
"name" : "20031026 Java 1.4.2_02 InsecurityManager JVM crash",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8892",
"name" : "8892",
"refsource" : "BID",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1135",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342472",
"name" : "20031026 Buffer Overflow in Yahoo messenger Client",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8894",
"name" : "8894",
"refsource" : "BID",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of \"%\" (percent) characters after the Yahoo ID."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:yahoo:messenger:5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1136",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342475",
"name" : "20031026 New Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8895",
"name" : "8895",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8896",
"name" : "8896",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2718",
"name" : "2718",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008006",
"name" : "1008006",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10080",
"name" : "10080",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13523",
"name" : "guestbook-doublequotation-xss(13523)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13522",
"name" : "guestbook-html-xss(13522)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:chi_kien_uong:chi_kien_uong_guestbook:1.51:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-23T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1137",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342473",
"name" : "20031027 sh-httpd `wildcard character' vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342766",
"name" : "20031028 Re: sh-httpd `wildcard character' vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8897",
"name" : "8897",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13519",
"name" : "shtttpd-get-information-disclosure(13519)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:charles_steinkuehler:sh-httpd:0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:charles_steinkuehler:sh-httpd:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1138",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342578",
"name" : "20031027 Root Directory Listing on RH default apache",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8898",
"name" : "8898",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:redhat:interchange:2.0.40_21.5:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1139",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342476",
"name" : "20031027 Musicqueue multiple local vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html",
"name" : "20031027 Musicqueue multiple local vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8899",
"name" : "8899",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10104",
"name" : "10104",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008014",
"name" : "1008014",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13520",
"name" : "musicqueue-tmpfile-symlink(13520)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1140",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342476",
"name" : "20031027 Musicqueue multiple local vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0021.html",
"name" : "20031027 Musicqueue multiple local vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8903",
"name" : "8903",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008014",
"name" : "1008014",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10104",
"name" : "10104",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13521",
"name" : "musicqueue-getconf-bo(13521)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:musicqueue:musicqueue:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1141",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343318",
"name" : "20031104 NIPrint remote exploit",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343257",
"name" : "20031104 SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8968",
"name" : "8968",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2774",
"name" : "2774",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10143",
"name" : "10143",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13591",
"name" : "niprint-bo(13591)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:network_instruments:niprint_lpd-lpr_print_server:4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-04T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1142",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343258",
"name" : "20031104 SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8969",
"name" : "8969",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13592",
"name" : "niprint-helpapi-gain-privileges(13592)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:h:network_instruments:niprint_lpd-lpr_print_server:4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1143",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342957",
"name" : "20031030 Serious Sam is not so serious",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://aluigi.altervista.org/adv/ssboom-adv.txt",
"name" : "http://aluigi.altervista.org/adv/ssboom-adv.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8936",
"name" : "8936",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13618",
"name" : "serioussam-games-packet-dos(13618)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:croteam:serioussam:the_second_encounter_demo:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:croteam:serioussam:the_first_encounter_1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:croteam:serioussam:the_second_encounter_1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:croteam:serioussam:test_2_2.1_a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-30T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1144",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343322",
"name" : "20031104 Liteserve Buffer Overflow in Handling Server's Log.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013231.html",
"name" : "20031103 Liteserve Buffer Overflow in Handling Server's Log",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8971",
"name" : "8971",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2766",
"name" : "2766",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008093",
"name" : "1008093",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10136",
"name" : "10136",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13599",
"name" : "liteserve-log-entry-bo(13599)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perception:liteserve:1.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perception:liteserve:1.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perception:liteserve:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-04T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1145",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343806",
"name" : "20031107 OpenAutoClassifieds XSS attack",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8972",
"name" : "8972",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2767",
"name" : "2767",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10138",
"name" : "10138",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13604",
"name" : "openautoclassifieds-friendmail-xss(13604)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:openautoclassifieds:openautoclassifieds:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1146",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://security.nnov.ru/docs5347.html",
"name" : "http://security.nnov.ru/docs5347.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8977",
"name" : "8977",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:john_beatty:easy_php_photo_album:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-05-11T04:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1147",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0955. Reason: This candidate is a duplicate of CVE-2003-0955. Notes: All CVE users should reference CVE-2003-0955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:21Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1148",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0262.html",
"name" : "20031026 Les Visiteurs v2.0.1 code injection vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8902",
"name" : "8902",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2717",
"name" : "2717",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3586",
"name" : "3586",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008011",
"name" : "1008011",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10079",
"name" : "10079",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1017065",
"name" : "1017065",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13529",
"name" : "les-visiteurs-file-include(13529)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:les_visiteurs:les_visiteurs:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-25T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1149",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342548",
"name" : "20031027 Norton Internet Security 2003 XSS",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html",
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.10.27.html",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8904",
"name" : "8904",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2714",
"name" : "2714",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10067",
"name" : "10067",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13528",
"name" : "norton-is-blocked-xss(13528)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_internet_security:2003_6.0.4.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1150",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm",
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10088194.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8907",
"name" : "8907",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10100",
"name" : "10100",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13564",
"name" : "novell-portmapper-bo(13564)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:zenworks_desktops:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:zenworks_desktops:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:zenworks_desktops:3.2:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-27T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1151",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342678",
"name" : "20031028 Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8908",
"name" : "8908",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2732",
"name" : "2732",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008020",
"name" : "1008020",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10099",
"name" : "10099",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13535",
"name" : "fastream-nonexistent-url-xss(13535)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a \"404 Not Found\" error page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:fastream:netfile_ftp_web_server:6.0.3.588:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-10-28T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1152",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012811.html",
"name" : "20031028 STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8909",
"name" : "8909",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2719",
"name" : "2719",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008016",
"name" : "1008016",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10078",
"name" : "10078",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13533",
"name" : "webtide-file-disclosure(13533)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded \"?\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:infrontech:webtide:7.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1153",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012801.html",
"name" : "20031027 Bytehoard File Disclosure VUlnerability Sequel",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8910",
"name" : "8910",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2700",
"name" : "2700",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10082",
"name" : "10082",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13531",
"name" : "bytehoard-view-file(13531)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bytehoard:bytehoard:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bytehoard:bytehoard:0.71:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1154",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=",
"name" : "http://www.computerworld.co.nz/cw.nsf/0/BF9E8E6E2D313E5FCC256DD70016473F?OpenDocument&More=",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8982",
"name" : "8982",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2772",
"name" : "2772",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10148",
"name" : "10148",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13611",
"name" : "mailsweeper-zip-virus-bypass(13611)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1155",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.xcdroast.org/xcdr098/changelog-a15.html",
"name" : "http://www.xcdroast.org/xcdr098/changelog-a15.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8983",
"name" : "8983",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/2786",
"name" : "2786",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008094",
"name" : "1008094",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10162",
"name" : "10162",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13612",
"name" : "xcdroast-symlink(13612)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:x-cd-roast:x-cd-roast:0.98_alpha14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1156",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343038",
"name" : "20031031 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8937",
"name" : "8937",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13570",
"name" : "sun-jre-java-symlink(13570)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2:update2:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.2_02:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1157",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343040",
"name" : "20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8939",
"name" : "8939",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2762",
"name" : "2762",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10127",
"name" : "10127",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/27948",
"name" : "27948",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40782",
"name" : "citrix-webmanager-login-xss(40782)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13569",
"name" : "metaframe-error-message-xss(13569)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:citrix:metaframe:1.0:*:xp:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1158",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0275.html",
"name" : "20030917 Denial Of Service in Plug & Play Web (FTP) Server",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8667",
"name" : "8667",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13219",
"name" : "plugandplaywebserver-multiple-commands-dos(13219)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:plug_and_play_software:plug_and_play_web_server:1.0.002c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1159",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0343.html",
"name" : "20031031 DoS in Plug and Play Web Server Proxy Server",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8941",
"name" : "8941",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2764",
"name" : "2764",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10131",
"name" : "10131",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13572",
"name" : "plugandplaywebserver-get-dos(13572)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:plug_and_play:plug_and_play_web_server_proxy:1.0002c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1160",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt",
"name" : "http://packetstormsecurity.nl/0310-exploits/FlexWATCH.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8942",
"name" : "8942",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2842",
"name" : "2842",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008049",
"name" : "1008049",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10132",
"name" : "10132",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13567",
"name" : "flexwatch-slash-admin-access(13567)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:seyeon:flexwatch_network_video_server:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:seyeon:flexwatch_network_video_server:model_132:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-30T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1161",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0621.html",
"name" : "[linux-kernel] 20031105 BK2CVS problem",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0627.html",
"name" : "[linux-kernel] 20031105 Re: BK2CVS problem",
"refsource" : "MLIST",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0630.html",
"name" : "[linux-kernel] 20031105 Re: BK2CVS problem",
"refsource" : "MLIST",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8987",
"name" : "8987",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:2.6_test9_cvs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1162",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0348.html",
"name" : "20031031 Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8944",
"name" : "8944",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2770",
"name" : "2770",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10135",
"name" : "10135",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13587",
"name" : "tritanium-threadid-view-messages(13587)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.1_final:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:0.999_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.0_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:0.993_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:0.994_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tritanium_scripts:tritanium_bulletin_board:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1163",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343689",
"name" : "20031106 DoS for Ganglia",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://ganglia.sourceforge.net/",
"name" : "http://ganglia.sourceforge.net/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8988",
"name" : "8988",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2787",
"name" : "2787",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10166",
"name" : "10166",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13631",
"name" : "ganglia-gmond-dos(13631)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ganglia:gmond:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1164",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/013070.html",
"name" : "20031031 XSS In mldonkey - But....",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8946",
"name" : "8946",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10134",
"name" : "10134",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13615",
"name" : "mldonkey-xss(13615)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mldonkey:mldonkey:2.5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1165",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343111",
"name" : "20031101 BRS WebWeaver 1.06 remote DoS vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8947",
"name" : "8947",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13571",
"name" : "brswebweaver-useragent-bo(13571)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.60_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.61_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.62_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.51_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.52_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.49_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.50_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:0.63_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1166",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.http-com.com/Default.asp?section=Features",
"name" : "http://www.http-com.com/Default.asp?section=Features",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8948",
"name" : "8948",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2780",
"name" : "2780",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10125",
"name" : "10125",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13622",
"name" : "http-commander-directory-traversal(13622)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:http_commander:http_commander:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1167",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342736",
"name" : "20031028 Local root vuln in kpopup",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8915",
"name" : "8915",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/2742",
"name" : "2742",
"refsource" : "OSVDB",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10105",
"name" : "10105",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13540",
"name" : "kpopup-systemcall-execute-code(13540)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.5_pre2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1168",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8949",
"name" : "8949",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10125",
"name" : "10125",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:http_commander:http_commander:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1169",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013113.html",
"name" : "20031101 DATEV Nutzungskontrolle Bypassing (REG)",
"refsource" : "FULLDISC",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8950",
"name" : "8950",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13589",
"name" : "nutzungskontrolle-registry-security-bypass(13589)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:datev:nutzungskontrolle:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:datev:nutzungskontrolle:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1170",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342736",
"name" : "20031028 Local root vuln in kpopup",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8918",
"name" : "8918",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3290",
"name" : "3290",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10105",
"name" : "10105",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.5_pre2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gernot_stocker:kpopup:0.9.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1171",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342767",
"name" : "20031028 mod_security 1.7RC1 to 1.7.1 vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.modsecurity.org/download/CHANGES",
"name" : "http://www.modsecurity.org/download/CHANGES",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8919",
"name" : "8919",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1008025",
"name" : "1008025",
"refsource" : "SECTRACK",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10085",
"name" : "10085",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://adsystems.com.pl/adg-mod_security171.txt",
"name" : "http://adsystems.com.pl/adg-mod_security171.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13543",
"name" : "mod-security-secfilterout-bo(13543)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_security:mod_security:1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_security:mod_security:1.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1172",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/securitynews/6W00L0U8KC.html",
"name" : "http://www.securiteam.com/securitynews/6W00L0U8KC.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8883",
"name" : "8883",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2749",
"name" : "2749",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007993",
"name" : "1007993",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10064",
"name" : "10064",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949",
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=23949",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13499",
"name" : "apachecocoon-directory-traversal-bootini(13499)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:cocoon:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:cocoon:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:cocoon:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1173",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342765",
"name" : "20031028 FirstClass 7.1 HTTP Server: Remote Directory Listing",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342909",
"name" : "20031030 Re: FirstClass 7.1 HTTP Server: Remote Directory Listing",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8920",
"name" : "8920",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/2723",
"name" : "2723",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10084",
"name" : "10084",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13546",
"name" : "firstclass-view-unauthorized-files(13546)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:centrinity:centrinity_firstclass:7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1174",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343177",
"name" : "20031102 ShoutCast server 1.9.2/win32",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8954",
"name" : "8954",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2776",
"name" : "2776",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008080",
"name" : "1008080",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10146",
"name" : "10146",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13586",
"name" : "shoutcast-long-icy-dos(13586)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:shoutcast_server:1.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1175",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493",
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=834374&group_id=64442&atid=507493",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8956",
"name" : "8956",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2790",
"name" : "2790",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10165",
"name" : "10165",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13630",
"name" : "sympoll-indexphp-xss(13630)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:synthetic_reality:sympoll:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1176",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343175",
"name" : "20031102 Unauthorized access in Web Wiz Forum",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/343314",
"name" : "20031104 Re: Unauthorized access in Web Wiz Forum",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8957",
"name" : "8957",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2768",
"name" : "2768",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008100",
"name" : "1008100",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10137",
"name" : "10137",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13581",
"name" : "webwizforums-quotemode-message-access(13581)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bdc_enterprises:web_wiz_forums:6.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bdc_enterprises:web_wiz_forums:7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1177",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html",
"name" : "20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html",
"name" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8861",
"name" : "8861",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8889",
"name" : "8889",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2688",
"name" : "2688",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10038",
"name" : "10038",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html",
"name" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13468",
"name" : "mercur-auth-command-dos(13468)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.1_sp1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.2_sp1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.2_sp2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:3.3_sp1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:3.3_sp2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1178",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342493",
"name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8890",
"name" : "8890",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2743",
"name" : "2743",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10068",
"name" : "10068",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://attrition.org/pipermail/vim/2006-October/001080.html",
"name" : "Advanced Poll v2.02 :) <= Remote File Inclusion",
"refsource" : "VIM",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29396",
"name" : "advanced-poll-comments-file-include(29396)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13513",
"name" : "advancedpoll-php-injection(13513)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/448007/100/0/threaded",
"name" : "20061008 Advanced Poll v2.02 :) <= Remote File Inclusion",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1179",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342493",
"name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt",
"name" : "http://www.phpsecure.info/v2/tutos/frog/AdvancedPoll2.0.2.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8890",
"name" : "8890",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3291",
"name" : "3291",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10068",
"name" : "10068",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.solpotcrew.org/adv/solpot-adv-02.txt",
"name" : "http://www.solpotcrew.org/adv/solpot-adv-02.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/19105",
"name" : "19105",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/28988",
"name" : "28988",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514",
"name" : "advancedpoll-php-file-include(13514)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/440780/100/0/threaded",
"name" : "20060721 SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1180",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342493",
"name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8890",
"name" : "8890",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3291",
"name" : "3291",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10068",
"name" : "10068",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13514",
"name" : "advancedpoll-php-file-include(13514)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1181",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342493",
"name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0019.html",
"name" : "20031025 Advanced Poll : PHP Code Injection, File Include, Phpinfo",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8890",
"name" : "8890",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3292",
"name" : "3292",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10068",
"name" : "10068",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13515",
"name" : "advancedpoll-phpinfo-obtain-information(13515)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:advanced_poll:advanced_poll:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-25T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1182",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8958",
"name" : "8958",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2754",
"name" : "2754",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10122",
"name" : "10122",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13575",
"name" : "mpmguestbook-ing-xss(13575)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mpm:mpm_guestbook:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1183",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf",
"name" : "http://www.oracle.com/technology/deploy/security/pdf/2003alert60.pdf",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8923",
"name" : "8923",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2727",
"name" : "2727",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10088",
"name" : "10088",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13545",
"name" : "oraclecollaborationsuite-file-access(13545)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle_files:9.0.3.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle_files:9.0.3.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle_files:9.0.3.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-28T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1184",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=195009",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=195009",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8959",
"name" : "8959",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/3077",
"name" : "3077",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4825",
"name" : "4825",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4826",
"name" : "4826",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4827",
"name" : "4827",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4828",
"name" : "4828",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4829",
"name" : "4829",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10120",
"name" : "10120",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13582",
"name" : "thwboard-multiple-fields-xss(13582)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other \"Diverse XSS Bugs.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.8_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.81_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1185",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=195009",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=195009",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8961",
"name" : "8961",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/2758",
"name" : "2758",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4838",
"name" : "4838",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4840",
"name" : "4840",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4841",
"name" : "4841",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10120",
"name" : "10120",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13583",
"name" : "thwboard-multiple-sql-injection(13583)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.8_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:thwboard:thwboard:2.81_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1186",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342785",
"name" : "20031029 TelCondex SimpleWebserver Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8925",
"name" : "8925",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/10101",
"name" : "10101",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13549",
"name" : "simplewebserver-referer-bo(13549)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:telcondex:simplewebserver:2.12.30210_build3285:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1187",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013139.html",
"name" : "20031102 [bWM#017] Cross-Site-Scripting @ PHPKIT",
"refsource" : "FULLDISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://badwebmasters.net/advisory/017/",
"name" : "http://badwebmasters.net/advisory/017/",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8960",
"name" : "8960",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13590",
"name" : "phpkit-include-xss(13590)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpkit:phpkit:1.6.02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpkit:phpkit:1.6.03:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1188",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343182",
"name" : "20031102 Unichat Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8962",
"name" : "8962",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2844",
"name" : "2844",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10163",
"name" : "10163",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13610",
"name" : "unichat-nonalphanumeric-character-dos(13610)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:unichat:unichat:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-02T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1189",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8928",
"name" : "8928",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/2724",
"name" : "2724",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007992",
"name" : "1007992",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10083",
"name" : "10083",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13539",
"name" : "nokia-ipso-ipcluster-dos(13539)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:nokia:ipso:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1190",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=193940",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=193940",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8963",
"name" : "8963",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/2755",
"name" : "2755",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10109",
"name" : "10109",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13574",
"name" : "phprecipebook-recipe-xss(13574)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.26a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.05:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.06:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.27a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:2.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phprecipebook:phprecipebook:1.30a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1191",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0313.html",
"name" : "20031029 E107 DoS vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21",
"name" : "http://www.hackingheaven.com/index.php?name=PNphpBB2&file=viewtopic&t=21",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8930",
"name" : "8930",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/2753",
"name" : "2753",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10115",
"name" : "10115",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13553",
"name" : "e107chatboxdos(13553)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:e107:e107:0.545:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:e107:e107:0.603:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1192",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.derkeiler.com/Mailing-Lists/VulnWatch/2003-11/0001.html",
"name" : "20031103 IA WebMail Server 3.x Buffer Overflow Vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.elitehaven.net/iawebmail.txt",
"name" : "http://www.elitehaven.net/iawebmail.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/windowsntfocus/6B002158UQ.html",
"name" : "http://www.securiteam.com/windowsntfocus/6B002158UQ.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8965",
"name" : "8965",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2757",
"name" : "2757",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008075",
"name" : "1008075",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10107",
"name" : "10107",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13580",
"name" : "iawebmailserver-get-bo(13580)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:truenorth_software:ia_webmail_server:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:truenorth_software:ia_webmail_server:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1193",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/343520",
"name" : "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf",
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8966",
"name" : "8966",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593",
"name" : "oracle-portal-sql-injection(13593)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1194",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=193878",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=193878",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8932",
"name" : "8932",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1008056",
"name" : "1008056",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10110",
"name" : "10110",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13557",
"name" : "booby-error-message-xss(13557)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:booby:booby:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-30T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1195",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/014065.html",
"name" : "20031123 VieNuke VieBoard SQL Injection Vulnerability... again",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/4606",
"name" : "4606",
"refsource" : "OSVDB",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13819",
"name" : "vieboard-getmember-sql-injection(13819)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6_beta_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-23T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1196",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1",
"name" : "http://www.vienuke.com/vie/viewtopic.asp?forumid=43&id=2822&page=1",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8967",
"name" : "8967",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/2789",
"name" : "2789",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13629",
"name" : "vieboard-viewtopic-sql-injection(13629)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6_beta_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vienuke:vieboard:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1197",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342913",
"name" : "20031030 Multiple Vulnerabilities in Led-Forums",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8934",
"name" : "8934",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10113",
"name" : "10113",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13563",
"name" : "ledforums-topicfield-redirect(13563)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13562",
"name" : "ledforums-indexphp-xss(13562)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:ledscripts.com:ledforums:beta_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-10-30T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1198",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog",
"name" : "http://freshmeat.net/redir/cherokee/20646/url_changelog/ChangeLog",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9345",
"name" : "9345",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/3306",
"name" : "3306",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10518",
"name" : "10518",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14119",
"name" : "cherokee-post-request-dos(14119)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cherokee:cherokee_httpd:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-26T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1199",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt",
"name" : "http://www.autistici.org/fdonato/advisory/MyProxy20030629-adv.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9846",
"name" : "9846",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4202",
"name" : "4202",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/11090",
"name" : "11090",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107902444305344&w=2",
"name" : "20030311 XSS in MyProxy 20030629",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15438",
"name" : "myproxy-xss(15438)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:myproxy:myproxy:2003-06-29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-03-11T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1200",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348454",
"name" : "20031229 [Hat-Squad] Remote buffer overflow in Mdaemon Raw message Handler",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://hat-squad.com/bugreport/mdaemon-raw.txt",
"name" : "http://hat-squad.com/bugreport/mdaemon-raw.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9317",
"name" : "9317",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3255",
"name" : "3255",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10512",
"name" : "10512",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107936753929354&w=2",
"name" : "20040314 Rosiello Security's exploit for MDaemon",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14097",
"name" : "mdaemon-form2raw-from-bo(14097)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.7.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1201",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.openldap.org/its/index.cgi?findid=2390",
"name" : "http://www.openldap.org/its/index.cgi?findid=2390",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685",
"name" : "CLSA-2003:685",
"refsource" : "CONECTIVA",
"tags" : [ "Patch" ]
}, {
"url" : "http://security.gentoo.org/glsa/glsa-200403-12.xml",
"name" : "GLSA-200403-12",
"refsource" : "GENTOO",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7656",
"name" : "7656",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9203",
"name" : "9203",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/11261",
"name" : "11261",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/17000",
"name" : "17000",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12520",
"name" : "openldap-back-ldbm-dos(12520)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial of service (segmentation fault)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11_11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11_9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.11_11s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.1.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openldap:openldap:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-20T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1202",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8451",
"name" : "8451",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9585",
"name" : "9585",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106132514828641&w=2",
"name" : "20030821 Remote Execution of Commands in Omail Webmail 0.98.4 and earlier",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106149679129042&w=2",
"name" : "20030821 Re: Remote Execution of Commands in Omail Webmail 0.98.4 and earlier",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12948",
"name" : "omailwebmail-checklogin-code-execution(12948)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:omail:omail_webmail:0.97.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:omail:omail_webmail:0.98.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-19T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1203",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7135",
"name" : "7135",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html",
"name" : "20030318 Some XSS vulns",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601",
"name" : "mambo-option-index-xss(11601)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-03-18T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1204",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/306206",
"name" : "20030110 Mambo Site Server Remote Code Execution",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6571",
"name" : "6571",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7495",
"name" : "7495",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7496",
"name" : "7496",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7497",
"name" : "7497",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7498",
"name" : "7498",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7499",
"name" : "7499",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7500",
"name" : "7500",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7501",
"name" : "7501",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7502",
"name" : "7502",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7503",
"name" : "7503",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7504",
"name" : "7504",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7505",
"name" : "7505",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11050",
"name" : "mambo-multiple-scripts-xss(11050)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1205",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.crob.net/studio/ftpserver/",
"name" : "http://www.crob.net/studio/ftpserver/",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2378",
"name" : "2378",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9467",
"name" : "9467",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106019292611151&w=2",
"name" : "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12838",
"name" : "crob-rename-file-dos(12838)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Crob FTP Server 2.60.1 allows remote authenticated users to cause a denial of service (crash) by renaming a file to the \"con\" MS-DOS device name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crob:crob_ftp_server:2.60.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-08-06T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1206",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-08/0087.html",
"name" : "20030807 Re: DoS Vulnerabilities in Crob FTP Server 2.60.1",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.crob.net/studio/ftpserver/",
"name" : "http://www.crob.net/studio/ftpserver/",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8929",
"name" : "8929",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106019292611151&w=2",
"name" : "20030806 DoS Vulnerabilities in Crob FTP Server 2.60.1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12834",
"name" : "crob-login-dos(12834)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in Crob FTP Server 2.60.1 allows remote attackers to cause a denial of service (crash) via \"%s\" or \"%n\" sequences in (1) the username during login, or other FTP commands such as (2) dir."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crob:crob_ftp_server:2.60.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-06-03T04:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1207",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/352329",
"name" : "20040201 Vulnerabilities in Crob FTP Server V3.5.1",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/9549",
"name" : "9549",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securitytracker.com/id?1008908",
"name" : "1008908",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10778",
"name" : "10778",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15105",
"name" : "crob-dir-dos(15105)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of \".\" characters followed by a \"/*\" string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crob:crob_ftp_server:3.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-01T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1208",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0030.html",
"name" : "20040205 Oracle Database 9ir2 Interval Conversion Functions Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora_from_tz.txt",
"name" : "http://www.nextgenss.com/advisories/ora_from_tz.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt",
"name" : "http://www.nextgenss.com/advisories/ora_numtodsinterval.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt",
"name" : "http://www.nextgenss.com/advisories/ora_numtoyminterval.txt",
"refsource" : "MISC",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.nextgenss.com/advisories/ora_time_zone.txt",
"name" : "http://www.nextgenss.com/advisories/ora_time_zone.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/240174",
"name" : "VU#240174",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/399806",
"name" : "VU#399806",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/819126",
"name" : "VU#819126",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/846582",
"name" : "VU#846582",
"refsource" : "CERT-VN",
"tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/o-093.shtml",
"name" : "O-093",
"refsource" : "CIAC",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9587",
"name" : "9587",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3837",
"name" : "3837",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3838",
"name" : "3838",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3839",
"name" : "3839",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3840",
"name" : "3840",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/10805",
"name" : "10805",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15060",
"name" : "oracle-multiple-function-bo(15060)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-12-03T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1209",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://monkeyd.sourceforge.net/Changelog.txt",
"name" : "http://monkeyd.sourceforge.net/Changelog.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7201",
"name" : "7201",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11650",
"name" : "monkey-content-type-dos(11650)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.6.1",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:monkey-project:monkey:0.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2020-03-26T14:23Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1210",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0147.html",
"name" : "20030513 More and More SQL injection on PHP-Nuke 6.5.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7588",
"name" : "7588",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11984",
"name" : "phpnuke-multiple-sql-injection(11984)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.5",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1211",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html",
"name" : "20030606 Critical Vulnerabilities In Max Web Portal",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7837",
"name" : "7837",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/3281",
"name" : "3281",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8979",
"name" : "8979",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12277",
"name" : "maxwebportal-search-xss(12277)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1212",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html",
"name" : "20030606 Critical Vulnerabilities In Max Web Portal",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7837",
"name" : "7837",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/4933",
"name" : "4933",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8979",
"name" : "8979",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12278",
"name" : "maxwebportal-form-field-modify(12278)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1213",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0048.html",
"name" : "20030606 Critical Vulnerabilities In Max Web Portal",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7837",
"name" : "7837",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8979",
"name" : "8979",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12279",
"name" : "maxwebportal-database-access(12279)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:maxwebportal:maxwebportal:1.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1214",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ezcontents.org/forum/viewtopic.php?t=361",
"name" : "http://www.ezcontents.org/forum/viewtopic.php?t=361",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10839",
"name" : "10839",
"refsource" : "SECUNIA",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15136",
"name" : "ezcontents-login-bypass(15136)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.45b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:1.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visualshapers:ezcontents:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2004-02-11T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1215",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943",
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=161943",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9314",
"name" : "9314",
"refsource" : "BID",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107273069130885&w=2",
"name" : "20031229 SQL Injection in phpBB's groupcp.php",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14096",
"name" : "phpbb-groupcp-sql-injection(14096)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-29T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1216",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818",
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=153818",
"refsource" : "CONFIRM",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9122",
"name" : "9122",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=106997132425576&w=2",
"name" : "20031127 phpBB 2.06 search.php SQL injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107005608726609&w=2",
"name" : "20031128 [Hat-Squad] phpBB search_id injection exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107196735102970&w=2",
"name" : "20031220 phpBB v2.06 search_id sql injection exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13867",
"name" : "phpbb-searchphp-sql-injection(13867)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-11-27T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1217",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1218",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2017-05-11T14:29Z",
"lastModifiedDate" : "2017-05-11T14:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1219",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/347831",
"name" : "20031217 osCommerce Malformed Session ID XSS Vuln",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.oscommerce.com/community/bugs,1546",
"name" : "http://www.oscommerce.com/community/bugs,1546",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9238",
"name" : "9238",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://osdir.com/ml/web.oscommerce.cvs/2003-12/msg00024.html",
"name" : "[tep-commits] 20031217 [TEP-COMMIT] CVS: catalog/catalog/includes/functions html_output.php,1.58,1.59",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the tep_href_link function in html_output.php for osCommerce before 2.2-MS3 allows remote attackers to inject arbitrary web script or HTML via the osCsid parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oscommerce:oscommerce:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2_ms2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2012-12-13T02:24Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1220",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9034",
"name" : "9034",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/25",
"name" : "BEA03-39.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1221",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9034",
"name" : "9034",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/32",
"name" : "BEA03-40.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1222",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9034",
"name" : "9034",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/63",
"name" : "BEA03-41.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1223",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9034",
"name" : "9034",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/48",
"name" : "BEA03-42.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1224",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7563",
"name" : "7563",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/22",
"name" : "BEA03-30.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing (\"shoulder surfing\") the screen."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1225",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7563",
"name" : "7563",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/22",
"name" : "BEA03-30.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1226",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7563",
"name" : "7563",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7587",
"name" : "7587",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://dev2dev.bea.com/pub/advisory/22",
"name" : "BEA03-30.00",
"refsource" : "BEA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-10T19:22Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1227",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341044",
"name" : "20031011 Gallery 1.4 including file vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/341098",
"name" : "20031012 Re: Gallery 1.4 including file vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8814",
"name" : "8814",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/341094",
"name" : "20031011 RE: Gallery 1.4 including file vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13419",
"name" : "gallery-indexphp-file-include(13419)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. NOTE: this issue might be exploitable only during installation, or if the administrator has not run a security script after installation."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1228",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-120"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html",
"name" : "http://www.securiteam.com/unixfocus/5FP0C1FCAW.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Third Party Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9871",
"name" : "9871",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
}, {
"url" : "http://secunia.com/advisories/10385/",
"name" : "10385",
"refsource" : "SECUNIA",
"tags" : [ "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107064887507504&w=2",
"name" : "20031205 [Fwd: Security Alert; possible buffer overflow in all Mathopd versions]",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=107090601705839&w=2",
"name" : "20031208 Re: [Fwd: Security Alert; possible buffer overflow in all Mathopd",
"refsource" : "BUGTRAQ",
"tags" : [ "Issue Tracking", "Mailing List", "Third Party Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15474",
"name" : "mathopd-preparereply-bo(15474)",
"refsource" : "XF",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mathopd:mathopd:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "1.2",
"versionEndExcluding" : "1.5",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mathopd:mathopd:1.5:-:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mathopd:mathopd:1.5:beta13:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2021-06-01T14:17Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1229",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html",
"name" : "20030128 Incorrect Certificate Validation in Java Secure Socket Extension",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://java.sun.com/products/jsse/CHANGES.txt",
"name" : "http://java.sun.com/products/jsse/CHANGES.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0301-239",
"name" : "HPSBUX0301-239",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1",
"name" : "50081",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6682",
"name" : "6682",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7943",
"name" : "7943",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securitytracker.com/id?1006001",
"name" : "1006001",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006007",
"name" : "1006007",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007483",
"name" : "1007483",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11182",
"name" : "sun-java-improper-validation(11182)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5883",
"name" : "oval:org.mitre.oval:def:5883",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0.1_01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01a:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3_02:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.1:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_02:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_01:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_02:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_05:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_02:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_05:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.0_02:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_05:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update1:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_05:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_02:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_03:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.1:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_05:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1_05:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.1:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1a:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_03:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.1:update1:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.1:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3_05:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:java_web_start:1.0.1_02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.3.1_05:*:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:windows:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update2:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.3.0:update5:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jdk:1.4.0_02:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.0_02:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1230",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/advisories/5013",
"name" : "FreeBSD-SA-03:03",
"refsource" : "FREEBSD",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6920",
"name" : "6920",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8142/",
"name" : "8142",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/19785",
"name" : "19785",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11397",
"name" : "freebsd-syncookie-brute-force(11397)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1231",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/unixfocus/6D00F2A95C.html",
"name" : "http://www.securiteam.com/unixfocus/6D00F2A95C.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9244",
"name" : "9244",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008522",
"name" : "1008522",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10458",
"name" : "10458",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14032",
"name" : "ecwshop-cat-xss(14032)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ecw-shop:ecw-shop:5.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ecw-shop:ecw-shop:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1232",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html",
"name" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f",
"name" : "http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/17496",
"name" : "17496",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:208",
"name" : "MDKSA-2005:208",
"refsource" : "MANDRIVA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/15375",
"name" : "15375",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2011-03-08T02:13Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1233",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html",
"name" : "20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.phrack.org/show.php?p=59&a=16",
"name" : "http://www.phrack.org/show.php?p=59&a=16",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html",
"name" : "20030103 Pedestal Software Security Notice",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6511",
"name" : "6511",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7816",
"name" : "7816",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10979",
"name" : "ipd-ntcreatesymboliclinkobject-subs-symlink(10979)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \\Device\\PhysicalMemory or (2) to a drive letter using the subst command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1234",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0057.html",
"name" : "20030107 FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0006.html",
"name" : "20030106 PDS: Integer overflow in FreeBSD kernel",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:44.filedesc.asc",
"name" : "FreeBSD-SA-02:44",
"refsource" : "FREEBSD",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.pine.nl/press/pine-cert-20030101.txt",
"name" : "http://www.pine.nl/press/pine-cert-20030101.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/10993.php",
"name" : "freebsd-kernel-integer-overflow(10993)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6524",
"name" : "6524",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securitytracker.com/id?1005898",
"name" : "1005898",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7821",
"name" : "7821",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305308/30/26420/threaded",
"name" : "20030106 PDS: Integer overflow in FreeBSD kernel",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:1.1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2:current:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:release_p8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.9:releng:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:release_p3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.11:stable:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.1.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:3.5.1:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.7:release:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1235",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0014.html",
"name" : "20030331 BRS WebWeaver: full disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11686.php",
"name" : "webweaver-testcgi-info-disclosure(11686)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7283",
"name" : "7283",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:brs:webweaver:1.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1236",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305663",
"name" : "20030108 Tanne Remote format string exploit (Proof of Concept)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0011.html",
"name" : "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305460",
"name" : "20030107 [INetCop Security Advisory] Remote format string vulnerability in Tanne.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2",
"name" : "http://tanne.fluxnetz.de/download/tanne-0.7.1.tar.bz2",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6553",
"name" : "6553",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11006.php",
"name" : "tanne-logger-format-string(11006)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005900",
"name" : "1005900",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7831",
"name" : "7831",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tanne:tanne:0.6.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1237",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0274.html",
"name" : "20030222 [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11383.php",
"name" : "wwwboard-message-xss(11383)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6918",
"name" : "6918",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:matt_wright:wwwboard:2.0a2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:matt_wright:wwwboard:2.0a2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1238",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html",
"name" : "20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html",
"name" : "20030318 Some XSS vulns",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6916",
"name" : "6916",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11420.php",
"name" : "nuked-klan-team-xss(11420)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.3_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.2_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1239",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html",
"name" : "20030223 WihPhoto (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/312966",
"name" : "20030223 WihPhoto (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6929",
"name" : "6929",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11429.php",
"name" : "wihphoto-sendphoto-file-disclosure(11429)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wihphoto:wihphoto:0.86:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1240",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0320.html",
"name" : "20030225 PHP code injection in CuteNews",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6935",
"name" : "6935",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11417.php",
"name" : "cutenews-php-file-include(11417)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cutephp:cutenews:0.88:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1241",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0089.html",
"name" : "20030221 Myguestbook (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/312762",
"name" : "20030221 Myguestbook (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6906",
"name" : "6906",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:levcgi.com:myguestbook:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1242",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html",
"name" : "20030219 XSS and Path Disclosure in Sage",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6893",
"name" : "6893",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11372.php",
"name" : "sage-module-path-disclosure(11372)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sage:sage:1.0_beta_3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1243",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html",
"name" : "20030219 XSS and Path Disclosure in Sage",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6894",
"name" : "6894",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11371",
"name" : "sage-mod-xss(11371)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sage:sage:1.0_beta_3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1244",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html",
"name" : "20030220 phpBB Security Bugs",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6888",
"name" : "6888",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11376.php",
"name" : "phpbb-pageheader-sql-injection(11376)",
"refsource" : "XF",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1245",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0302.html",
"name" : "20030224 Mambo SiteServer exploit gains administrative privileges",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6926",
"name" : "6926",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11398",
"name" : "mambo-sessionid-gain-privileges(11398)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1246",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0018.html",
"name" : "20030103 Another way to bypass Integrity Protection Driver ('subst' vuln)",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0017.html",
"name" : "20030103 Pedestal Software Security Notice",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6511",
"name" : "6511",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/10979.php",
"name" : "ipd-ntcreatesymboliclinkobject-subs-symlink(10979)",
"refsource" : "XF",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \\winnt\\system32\\drivers using the subst command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pedestal_software:integrity_protection_driver:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1247",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305313",
"name" : "20030106 Remote root vuln in HSphere WebShell",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch", "Vendor Advisory" ]
}, {
"url" : "http://psoft.net/misc/webshell_patch.html",
"name" : "http://psoft.net/misc/webshell_patch.html",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/10999.php",
"name" : "hsphere-webshell-readfile-bo(10999)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11002.php",
"name" : "hsphere-webshell-diskusage-bo(11002)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11003.php",
"name" : "hsphere-webshell-flist-bo(11003)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6537",
"name" : "6537",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6538",
"name" : "6538",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6540",
"name" : "6540",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6527",
"name" : "6527",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005893",
"name" : "1005893",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7832",
"name" : "7832",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:positive_software:h-sphere:2.3_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1248",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305313",
"name" : "20030106 Remote root vuln in HSphere WebShell",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://psoft.net/misc/webshell_patch.html",
"name" : "http://psoft.net/misc/webshell_patch.html",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6537",
"name" : "6537",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6539",
"name" : "6539",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11001.php",
"name" : "hsphere-webshell-encodefilename-execution(11001)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securitytracker.com/id?1005893",
"name" : "1005893",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:positive_software:h-sphere:2.3_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1249",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html",
"name" : "20030109 WebIntelligence session hijacking vulnerability",
"refsource" : "VULNWATCH",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305991",
"name" : "20030109 WebIntelligence session hijacking vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11026.php",
"name" : "webintelligence-session-hijacking(11026)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6569",
"name" : "6569",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securitytracker.com/id?1005906",
"name" : "1005906",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7846",
"name" : "7846",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:businessobjects:webintelligence:2.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1250",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0015.html",
"name" : "20030110 Efficient Networks 5861 DSL Router",
"refsource" : "VULNWATCH",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/308008",
"name" : "20030123 5861 IP Filtering issues",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/306081",
"name" : "20030110 Efficient Networks 5861 DSL Router",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11032.php",
"name" : "efficient-dsl-portscan-dos(11032)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6573",
"name" : "6573",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005910",
"name" : "1005910",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1005980",
"name" : "1005980",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:efficient_networks:5861_dsl_router:5.3.80_firmware:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1251",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0005.html",
"name" : "20030102 N/X (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/10969.php",
"name" : "nx-file-include(10969)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6500",
"name" : "6500",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/7808",
"name" : "7808",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nx:n_x_web_content_management_system_2002:prerelease1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1252",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0004.html",
"name" : "20030105 A security vulnerability in S8Forum",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305406",
"name" : "20030105 A security vulnerability in S8Forum",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10974.php",
"name" : "s8forum-register-command-execution(10974)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6547",
"name" : "6547",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1005881",
"name" : "1005881",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7819",
"name" : "7819",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a \"system($cmd)\" E-mail address with a \"any_name.php\" username."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kelli_shaver:s8forum:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1253",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html",
"name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11009.php",
"name" : "bookmark4u-file-include(11009)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows remote attackers to execute arbitrary PHP code viaa URL in the prefix parameter to (1) dbase.php, (2) config.php, or (3) common.load.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sangwan_kim:bookmark4u:1.8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1254",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html",
"name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6545",
"name" : "6545",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11010.php",
"name" : "apb-apbsettings-file-include(11010)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute arbitrary PHP code via (1) head.php, (2) apb_common.php, or (3) apb_view_class.php by modifying the APB_SETTINGS parameter to reference a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:active_php_bookmarks:active_php_bookmarks:1.1.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1255",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0049.html",
"name" : "20030106 Bookmar4U and Active PHP Bookmarks Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6546",
"name" : "6546",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11011",
"name" : "apb-addbookmark-authentication-bypass(11011)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:active_php_bookmarks:active_php_bookmarks:1.1.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1256",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html",
"name" : "20030106 E-theni (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305381",
"name" : "20030106 E-theni (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6970",
"name" : "6970",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11013.php",
"name" : "etheni-afflistelangue-file-include(11013)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:e-theni:e-theni:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1257",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0009.html",
"name" : "20030106 E-theni (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305381",
"name" : "20030106 E-theni (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11012.php",
"name" : "etheni-findthenihome-information-disclosure(11012)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:e-theni:e-theni:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1258",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0017.html",
"name" : "20030110 vulnerability in versatile BulletinBoard Allows Gaining Administrative Privileges.",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11044.php",
"name" : "vbb-unauthorized-privileges(11044)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:0.9.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:versatilebulletinboard:versatilebulletinboard:0.9.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1259",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0026.html",
"name" : "20030104 CuteFTP: buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/325659",
"name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/10984.php",
"name" : "cuteftp-ftp-banner-bo(10984)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6518",
"name" : "6518",
"refsource" : "BID",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1260",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0123.html",
"name" : "20030118 CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/325659",
"name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11093.php",
"name" : "cuteftp-list-command-bo(11093)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6642",
"name" : "6642",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html",
"name" : "20030205 Re: CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://seclists.org/lists/fulldisclosure/2003/Jan/0126.html",
"name" : "20030107 CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2181",
"name" : "2181",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7898",
"name" : "7898",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1261",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/310710",
"name" : "20030206 Re: CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6786",
"name" : "6786",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11275.php",
"name" : "cuteftp-url-clipboard-bo(11275)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html",
"name" : "20030205 Re: CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/325659",
"name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:globalscape:cuteftp:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1262",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305340",
"name" : "20030106 [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/11000.php",
"name" : "http-fetcher-httpfetch-bo(11000)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6531",
"name" : "6531",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.linuxsecurity.com/content/view/104480/104/",
"name" : "GLSA-200301-6",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7823",
"name" : "7823",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104195613529429&w=2",
"name" : "20030107 GLSA: http-fetcher",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:http_fetcher:http_fetcher_library:1.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:http_fetcher:http_fetcher_library:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2016-10-18T02:39Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1263",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0011.html",
"name" : "20030103 ical 3.7 remote dos",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10973.php",
"name" : "ical-icalexe-port-dos(10973)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6506",
"name" : "6506",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6505",
"name" : "6505",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, possibly due to an invalid method name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:brown_bear_software:ical:3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1264",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305391",
"name" : "20030106 Re: Longshine WLAN Access-Point LCS-883R VU#310201",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/305344",
"name" : "20030106 Longshine WLAN Access-Point LCS-883R VU#310201",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/10997.php",
"name" : "longshine-ap-tftp-access(10997)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6533",
"name" : "6533",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005897",
"name" : "1005897",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:d-link:di-614\\+:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:longshine_technologie:longshine_wireless_ethernet_access_point:lcs-883r-ac-b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1265",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0277.html",
"name" : "20030101 Potential disclosure of sensitive information in Netscape 7.0 email client",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10963.php",
"name" : "netscape-email-deletion-failure(10963)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6499",
"name" : "6499",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005871",
"name" : "1005871",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:mozilla:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1266",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0022.html",
"name" : "20030104 EServ/2.97 remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.iss.net/security_center/static/10975.php",
"name" : "eserv-remote-data-dos(10975)",
"refsource" : "XF",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6519",
"name" : "6519",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6520",
"name" : "6520",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6521",
"name" : "6521",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6522",
"name" : "6522",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.93:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.94:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.95:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.96:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.97:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.92:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:etype:eserv:2.98:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1267",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html",
"name" : "http://www.securiteam.com/windowsntfocus/5SP030A8UO.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/10964.php",
"name" : "guildftpd-aux-port-dos(10964)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005864",
"name" : "1005864",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:steve_poulsen:guildftpd:0.999:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1268",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305685",
"name" : "20030108 a.shopKart Shopping Cart remote vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.centaura.com.ar/infosec/adv/ashopkart.txt",
"name" : "http://www.centaura.com.ar/infosec/adv/ashopkart.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11029.php",
"name" : "ashopkart-multiple-sql-injection(11029)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6558",
"name" : "6558",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/37036",
"name" : "37036",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/37037",
"name" : "37037",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/37038",
"name" : "37038",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005903",
"name" : "1005903",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7838",
"name" : "7838",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:urlogy:a.shop.kart:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1269",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305234",
"name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10976.php",
"name" : "an-http-path-disclosure(10976)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6528",
"name" : "6528",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "AN HTTP 1.41e allows remote attackers to obtain the root web server path via an HTTP request with a long argument to a script, which leaks the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:an:an-http:1.41e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1270",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305234",
"name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10978.php",
"name" : "an-http-script-dos(10978)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "AN HTTP 1.41e allows remote attackers to cause a denial of service (borken pipe) via an HTTP request to aux.cgi with a long argument, possibly triggering a buffer overflow or MS-DOS device vulnerability."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:an:an-http:1.41e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1271",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305234",
"name" : "20030104 AN HTTPd v.1.41e: DoS, CSS, real patch attack",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10977.php",
"name" : "an-http-script-xss(10977)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6529",
"name" : "6529",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:an:an-http:1.41e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1272",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html",
"name" : "20030104 WinAmp v.3.0: buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10980.php",
"name" : "winamp-b4s-playlistname-bo(10980)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6515",
"name" : "6515",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6516",
"name" : "6516",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10981",
"name" : "winamp-b4s-path-bo(10981)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1273",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html",
"name" : "20030104 WinAmp v.3.0: buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6517",
"name" : "6517",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10982",
"name" : "winamp-b4s-playlistname-dos(10982)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1274",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0025.html",
"name" : "20030104 WinAmp v.3.0: buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10983",
"name" : "winamp-b4s-path-dos(10983)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nullsoft:winamp:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1275",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0013.html",
"name" : "20030103 JS Bug makes it possible to deliberately crash Pocket PC IE",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6507",
"name" : "6507",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/11004.php",
"name" : "pie-javascript-objectinnerhtml-dos(11004)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1276",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.html",
"name" : "20030103 Multiple Issues in Nettelephone Dialer",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11007.php",
"name" : "nettelephone-insecure-account-information(11007)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\\Software\\MediaRing.com\\SDK\\NetTelephone\\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nettelephone:nettelephone:3.5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1277",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/unixfocus/5BP061F8US.html",
"name" : "http://www.securiteam.com/unixfocus/5BP061F8US.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securiteam.com/unixfocus/5BP051F8VE.html",
"name" : "http://www.securiteam.com/unixfocus/5BP051F8VE.html",
"refsource" : "MISC",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10990.php",
"name" : "yabb-se-index-xss(10990)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/10989.php",
"name" : "yabb-newstemplate-xss(10989)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html"
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:yabb:yabb:1.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1278",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305232",
"name" : "20030104 OpenTopic security hole",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/10985.php",
"name" : "opentopic-img-xss(10985)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6523",
"name" : "6523",
"refsource" : "BID",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:infopop:opentopic:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1279",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305342",
"name" : "20030105 S-plus /tmp usage",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11005.php",
"name" : "splus-tmp-file-symlink(11005)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6530",
"name" : "6530",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005896",
"name" : "1005896",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7833",
"name" : "7833",
"refsource" : "SECUNIA",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:insightful:s-plus:6.0:*:unix:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1280",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305469",
"name" : "20030107 Multiple cgihtml vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6550",
"name" : "6550",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11022.php",
"name" : "cgihtml-dotdot-directory-traversal(11022)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eekim:cgihtml:1.69:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1281",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/305469",
"name" : "20030107 Multiple cgihtml vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6552",
"name" : "6552",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11023.php",
"name" : "cgihtml-tmpfile-symlink(11023)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eekim:cgihtml:1.69:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1282",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/securitynews/5CP061F8VS.html",
"name" : "http://www.securiteam.com/securitynews/5CP061F8VS.html",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.iss.net/security_center/static/11016.php",
"name" : "ibm-netdata-view-variables(11016)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005890",
"name" : "1005890",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:ibm:net.data:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1283",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0056.html",
"name" : "20030107 KaZaA - Bad Zone",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6543",
"name" : "6543",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11031.php",
"name" : "kazaa-ad-local-zone(11031)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kazaa:kazaa_media_desktop:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1284",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true",
"name" : "20030925 Sambar Server Multiple Vulnerabilities",
"refsource" : "IDEFENSE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.sambar.com/security.htm",
"name" : "http://www.sambar.com/security.htm",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1007819",
"name" : "1007819",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9578",
"name" : "9578",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13305",
"name" : "sambar-multiple-vulnerabilities(13305)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1285",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true",
"name" : "20030925 Sambar Server Multiple Vulnerabilities",
"refsource" : "IDEFENSE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.sambar.com/security.htm",
"name" : "http://www.sambar.com/security.htm",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/5782",
"name" : "5782",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/5783",
"name" : "5783",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/5784",
"name" : "5784",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/5785",
"name" : "5785",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/5805",
"name" : "5805",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1007819",
"name" : "1007819",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9578",
"name" : "9578",
"refsource" : "SECUNIA",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16056",
"name" : "sambar-multiple-xss(16056)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13305",
"name" : "sambar-multiple-vulnerabilities(13305)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1286",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html",
"name" : "20040430 SECURITY.NNOV: Sambar security quest",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true",
"name" : "20030925 Sambar Server Multiple Vulnerabilities",
"refsource" : "IDEFENSE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.sambar.com/security.htm",
"name" : "http://www.sambar.com/security.htm",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/10256",
"name" : "10256",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1007819",
"name" : "1007819",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9578",
"name" : "9578",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16054",
"name" : "sambar-http-gain-access(16054)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a \"Connection: keep-alive\" request before the proxy requests."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1287",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true",
"name" : "20030925 Sambar Server Multiple Vulnerabilities",
"refsource" : "IDEFENSE",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html",
"name" : "20040430 SECURITY.NNOV: Sambar security quest",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.sambar.com/security.htm",
"name" : "http://www.sambar.com/security.htm",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/5781",
"name" : "5781",
"refsource" : "OSVDB",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1007819",
"name" : "1007819",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/9578",
"name" : "9578",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16059",
"name" : "sambar-post-code-execution(16059)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:beta1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sambar:sambar_server:6.0:beta2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1288",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://list.linux-vserver.org/archive/vserver/msg05630.html",
"name" : "[Vserver] 20031218 SMP oops 2.4.23 v1.22",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://list.linux-vserver.org/archive/vserver/msg05631.html",
"name" : "[Vserver] 20031219 Re: SMP oops 2.4.23 v1.22",
"refsource" : "MLIST",
"tags" : [ "Exploit" ]
}, {
"url" : "http://list.linux-vserver.org/archive/vserver/msg05658.html",
"name" : "[Vserver] 20031220 Re: SMP oops 2.4.23 v1.22",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://linux-vserver.org/ChangeLog",
"name" : "http://linux-vserver.org/ChangeLog",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7587",
"name" : "7587",
"refsource" : "OSVDB",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vserver:linux-vserver:1.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1289",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc",
"name" : "FreeBSD-SA-03:10",
"refsource" : "FREEBSD",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2406",
"name" : "2406",
"refsource" : "OSVDB",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1007460",
"name" : "1007460",
"refsource" : "SECTRACK",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9504",
"name" : "9504",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12892",
"name" : "freebsd-ibcs2-kernel-memory(12892)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:release_p1:*:*:*:*:*:*",
"versionEndIncluding" : "5.1",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:release_p2:*:*:*:*:*:*",
"versionEndIncluding" : "4.8",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-20T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1290",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev2dev.bea.com/pub/advisory/162",
"name" : "BEA03-43.00",
"refsource" : "BEA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/9034",
"name" : "9034",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/16215",
"name" : "16215",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3064",
"name" : "3064",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10218",
"name" : "10218",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/18396",
"name" : "18396",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13752",
"name" : "weblogic-mbeanhome-obtain-information(13752)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp5:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp5:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-20T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1291",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.vmware.com/download/esx/esx152-patch4.html",
"name" : "http://www.vmware.com/download/esx/esx152-patch4.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/21585",
"name" : "21585",
"refsource" : "OSVDB",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1108",
"name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1108",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:vmware:esx:1.5.2:patch2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:vmware:esx:1.5.2:patch3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:vmware:esx:1.5.2:patch1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1292",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/329910",
"name" : "20030720 sorry, wrong file",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0969.html",
"name" : "20060130 Re: ashnews Cross-Site Scripting Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0979.html",
"name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0980.html",
"name" : "20060131 Re: ashnews Cross-Site Scripting Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0",
"name" : "http://forums.ashwebstudio.com/viewtopic.php?t=353&start=0",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/16436",
"name" : "16436",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/9331",
"name" : "9331",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/18248",
"name" : "18248",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://www.exploit-db.com/exploits/1864",
"name" : "1864",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 allows remote attackers to include and execute arbitrary remote files via a URL in the pathtoashnews parameter to (1) ashnews.php and (2) ashheadlines.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ashwebstudio:ashnews:0.83:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1293",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/326506",
"name" : "20030724 GuestBookHost : Cross Site Scripting",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8025",
"name" : "8025",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nukedweb:guestbookhost:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1294",
"ASSIGNER" : "secalert@redhat.com"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/linux/download/updates/90_i386.html",
"name" : "http://www.novell.com/linux/download/updates/90_i386.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://jwz.livejournal.com/310943.html",
"name" : "http://jwz.livejournal.com/310943.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=182286",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968",
"name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=124968",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9125",
"name" : "9125",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0498.html",
"name" : "RHSA-2006:0498",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20224",
"name" : "20224",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20226",
"name" : "20226",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm",
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-107.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20456",
"name" : "20456",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc",
"name" : "20060602-01-U",
"refsource" : "SGI",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/20782",
"name" : "20782",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2006/1948",
"name" : "ADV-2006-1948",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10848",
"name" : "oval:org.mitre.oval:def:10848",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_6a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.07_2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.11_0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.12_58:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_150:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_5cl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.05_6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.08_29135cl:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.14_0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.12_62:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.09_0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xscreensaver:xscreensaver:4.10_6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1295",
"ASSIGNER" : "secalert@redhat.com"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/linux/download/updates/90_i386.html",
"name" : "http://www.novell.com/linux/download/updates/90_i386.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/9125",
"name" : "9125",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors \"while verifying the user-password.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1296",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html",
"name" : "20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13360",
"name" : "easyfilesharing-title-dos(13360)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated users to cause a denial of service via (1) an \"empty symbol\" in the Title field or (2) certain data in the Your Message field, possibly a long argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:efs_software:efs_web_server:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-20T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1297",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0083.html",
"name" : "20031004 Vulnerabilities in Easy File Sharing Web Server (1.2 NEW)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/23794",
"name" : "23794",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/23795",
"name" : "23795",
"refsource" : "OSVDB",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka options.ini) file and (2) log directory under the web root with insufficient access control, which allows remote attackers to obtain sensitive information including an SMTP account username and password hash, the server configuration, and server log files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:efs_software:efs_web_server:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1298",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.osvdb.org/23984",
"name" : "23984",
"refsource" : "OSVDB",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/17197",
"name" : "17197",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/19359",
"name" : "19359",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152",
"name" : "http://nger.org/anyportal/forum/read.php?f=1&i=152&t=152#reply_152",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.vupen.com/english/advisories/2006/1053",
"name" : "ADV-2006-1053",
"refsource" : "VUPEN",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25396",
"name" : "anyportalphp-siteman-directory-traversal(25396)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple directory traversal vulnerabilities in siteman.php3 in AnyPortal(php) 12 MAY 00 allow remote attackers to (1) create, (2) delete, (3) save, and (4) upload files by navigating to the root directory and entering a filename beginning with \"./..\" (dot slash dot dot)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:anyportal_php:anyportal_php:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-20T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1299",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html",
"name" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://packetstormsecurity.org/0305-exploits/baby.txt",
"name" : "http://packetstormsecurity.org/0305-exploits/baby.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/24538",
"name" : "24538",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7749",
"name" : "7749",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via \"...\" (triple dot) manipulations to the CWD command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pablo_software_solutions:baby_ftp_server:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2016-11-28T19:06Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1300",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html",
"name" : "http://www.pablosoftwaresolutions.com/html/baby_ftp_server.html",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://packetstormsecurity.org/0305-exploits/baby.txt",
"name" : "http://packetstormsecurity.org/0305-exploits/baby.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/24539",
"name" : "24539",
"refsource" : "OSVDB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May 31, 2003, allows remote attackers to cause a denial of service via a large number of connections from the same IP address, which triggers an access violation."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pablo_software_solutions:baby_ftp_server:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1301",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719",
"name" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4396719",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300",
"name" : "http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4944300",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.illegalaccess.org/exploit/ObjectStackOverflow.html",
"name" : "http://www.illegalaccess.org/exploit/ObjectStackOverflow.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/18058",
"name" : "18058",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/434705/100/0/threaded",
"name" : "20060521 Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:26Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1302",
"ASSIGNER" : "secalert@redhat.com"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040",
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://bugs.php.net/bug.php?id=22048",
"name" : "http://bugs.php.net/bug.php?id=22048",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of \"\\\" (backslash) characters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2:*:dev:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1303",
"ASSIGNER" : "secalert@redhat.com"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040",
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://bugs.php.net/bug.php?id=24150",
"name" : "http://bugs.php.net/bug.php?id=24150",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10346",
"name" : "oval:org.mitre.oval:def:10346",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1304",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/0081.html",
"name" : "20030705 [Vulnerability] : ProductCart database file can be downloaded remotely",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf",
"name" : "http://www.earlyimpact.com/pdf/ProductCart_Security_Tips.pdf",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8112",
"name" : "8112",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9195",
"name" : "9195",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9816",
"name" : "shopping-cart-database-access(9816)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/438189/100/200/threaded",
"name" : "20060622 productcart soltan_defacer",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5003r:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_br003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5004:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.5002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_br001:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6b002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6br:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.6_br:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:early_impact:productcart:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1305",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archive.cert.uni-stuttgart.de/archive/bugtraq/2003/07/msg00068.html",
"name" : "20030707 Internet Explorer Crash",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/2291",
"name" : "2291",
"refsource" : "OSVDB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0.2900:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1306",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html",
"name" : "[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure",
"refsource" : "MLIST",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/29370",
"name" : "29370",
"refsource" : "OSVDB",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/9194",
"name" : "9194",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 \"Bad Request,\" which leak the Server header in the response."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:microsoft:urlscan:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1307",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348368",
"name" : "20031226 Hijacking Apache https by mod_php",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://bugs.php.net/38915",
"name" : "http://bugs.php.net/38915",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://hackerdom.ru/~dimmo/phpexpl.c",
"name" : "http://hackerdom.ru/~dimmo/phpexpl.c",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/9302",
"name" : "9302",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/449298/100/0/threaded",
"name" : "20061020 Re: PHP \"exec\", \"system\", \"popen\" (+small POC)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/449234/100/0/threaded",
"name" : "20061019 PHP \"exec\", \"system\", \"popen\" problem",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** DISPUTED ** The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying \"The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.34:beta:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.28:beta:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:beta:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:S/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.1,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1308",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.fvwm.org/news/",
"name" : "http://www.fvwm.org/news/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9161",
"name" : "9161",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fvwm:fvwm:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.4.17",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fvwm:fvwm:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.5.8",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1309",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0070.html",
"name" : "20030805 Local ZoneAlarm Firewall (probably all versions - tested on v3.1)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt",
"name" : "http://sec-labs.hack.pl/advisories/seclabs-adv-zone-alarm-04-08-2003.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://sec-labs.hack.pl/papers/win32ddc.php",
"name" : "http://sec-labs.hack.pl/papers/win32ddc.php",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html",
"name" : "http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8342",
"name" : "8342",
"refsource" : "BID",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2375",
"name" : "2375",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/4362",
"name" : "4362",
"refsource" : "OSVDB",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9459",
"name" : "9459",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824",
"name" : "device-driver-gain-privileges(12824)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka \"Device Driver Attack\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:zonelabs:zonealarm:3.7.211:*:plus:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:zonelabs:zonealarm:3.7.211:*:pro:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:zonelabs:zonealarm:3.7.202:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1310",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sec-labs.hack.pl/papers/win32ddc.php",
"name" : "http://sec-labs.hack.pl/papers/win32ddc.php",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8329",
"name" : "8329",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/4362",
"name" : "4362",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9460",
"name" : "9460",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12824",
"name" : "device-driver-gain-privileges(12824)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka \"Device Driver Attack\")."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1311",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://curl.haxx.se/mail/archive-2003-05/0172.html",
"name" : "[curl-users] 20030529 Re: https, redirection and authentication using POST",
"refsource" : "MLIST",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/30741",
"name" : "30741",
"refsource" : "OSVDB",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:netegrity:siteminder:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1312",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://curl.haxx.se/mail/archive-2003-05/0172.html",
"name" : "[curl-users] 20030529 Re: https, redirection and authentication using POST",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/30741",
"name" : "30741",
"refsource" : "OSVDB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:netegrity:siteminder:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1313",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/340244",
"name" : "20031004 EMML, EMGB : Include() hole",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8767",
"name" : "8767",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007884",
"name" : "1007884",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml_email_func.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eternalmart:mailing_list_manager:1.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1314",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/340244",
"name" : "20031004 EMML, EMGB : Include() hole",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8767",
"name" : "8767",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securitytracker.com/id?1007885",
"name" : "1007885",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/21720",
"name" : "21720",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://www.exploit-db.com/exploits/2980",
"name" : "2980",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eternalmart:eternalmart_guestbook:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-19T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1315",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.neocrome.net/index.php?m=single&id=76",
"name" : "http://www.neocrome.net/index.php?m=single&id=76",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.neocrome.net/page.php?id=1250",
"name" : "http://www.neocrome.net/page.php?id=1250",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9168",
"name" : "9168",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2943",
"name" : "2943",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008416",
"name" : "1008416",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10396",
"name" : "10396",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13922",
"name" : "landdownunder-auth-sql-injection(13922)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:neocrome:land_down_under:701:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1316",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8507",
"name" : "8507",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3666",
"name" : "3666",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1007592",
"name" : "1007592",
"refsource" : "SECTRACK",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9622",
"name" : "9622",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13042",
"name" : "endonesia-mod-path-disclosure(13042)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:endonesia:endonesia:8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1317",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8506",
"name" : "8506",
"refsource" : "BID",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/2480",
"name" : "2480",
"refsource" : "OSVDB",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1007592",
"name" : "1007592",
"refsource" : "SECTRACK",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/9622",
"name" : "9622",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041",
"name" : "endonesia-mod-xss(13041)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:endonesia:endonesia:8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1318",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.tripbit.org/advisories/twilight_advisory.txt",
"name" : "http://www.tripbit.org/advisories/twilight_advisory.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/22090",
"name" : "22090",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=105820430209748&w=2",
"name" : "20030713 TA-2003-07 Denial of Service Attack against Twilight WebServer v1.3.3.0",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:twilight_utilities:twilight_webserver:1.3.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2016-10-18T02:39Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1319",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0083.html",
"name" : "20030608 [SmartFTP] Two Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://security.nnov.ru/docs4679.html",
"name" : "http://security.nnov.ru/docs4679.html",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7858",
"name" : "7858",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7861",
"name" : "7861",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securitytracker.com/id?1006956",
"name" : "1006956",
"refsource" : "SECTRACK",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://secunia.com/advisories/8998",
"name" : "8998",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12231",
"name" : "smartftp-long-list-bo(12231)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12228",
"name" : "smartftp-pwd-directory-bo(12228)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:smartftp:smartftp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.973",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1320",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kb.cert.org/vuls/id/AAMN-5L74VD",
"name" : "http://www.kb.cert.org/vuls/id/AAMN-5L74VD",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/287771",
"name" : "VU#287771",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:sonicwall:firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.4.0.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.1
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1321",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=106150462504484&w=2",
"name" : "20030821 Buffer overflow in Avant Browser 8.02",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8471",
"name" : "8471",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12974",
"name" : "avantbrowser-http-bo(12974)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:avant_force:avant_browser:8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1322",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/324136",
"name" : "20030606 Multiple Buffer Overflow Vulnerabilities Found in MERCUR Mail server v.4.2 (SP2) - IMAP protocol",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7842",
"name" : "7842",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/12203.php",
"name" : "mercur-multiple-bo(12203)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6) LIST, (7) LSUB, (8) STATUS, (9) LOGIN, (10) CREATE, or (11) SELECT command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:atrium_software:mercur_mailserver:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1323",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz",
"name" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:elm_development_group:elm:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1324",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz",
"name" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:elmme-mailer:elm_me\\+:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1325",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://aluigi.altervista.org/adv/csdos.txt",
"name" : "http://aluigi.altervista.org/adv/csdos.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://packetstormsecurity.org/0304-exploits/hl-headnut.c",
"name" : "http://packetstormsecurity.org/0304-exploits/hl-headnut.c",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents \"absence of player informations,\" a related issue to CVE-2006-0734."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:valve_software:half-life_cstrike_dedicated_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.1.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:A/AC:M/Au:S/C:N/I:N/A:C",
"accessVector" : "ADJACENT_NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 5.2
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.4,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1326",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11258.php",
"name" : "ie-dialog-zone-bypass(11258)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-038.shtml",
"name" : "N-038",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6779",
"name" : "6779",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49",
"name" : "oval:org.mitre.oval:def:49",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178",
"name" : "oval:org.mitre.oval:def:178",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126",
"name" : "oval:org.mitre.oval:def:126",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004",
"name" : "MS03-004",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1327",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-09/0348.html",
"name" : "20030922 Wu_ftpd all versions (not) vulnerability.",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2003&m=slackware-security.365971",
"name" : "SSA:2003-259-03",
"refsource" : "SLACKWARE",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8668",
"name" : "8668",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2594",
"name" : "2594",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007775",
"name" : "1007775",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9835",
"name" : "9835",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13269",
"name" : "wuftp-mailadmin-sockprintf-bo(13269)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlier, when compiled with MAIL_ADMIN option enabled on a system that supports very long pathnames, might allow remote anonymous users to execute arbitrary code by uploading a file with a long pathname, which triggers the overflow when wu-ftpd constructs a notification message to the administrator."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.6.2",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1328",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.iss.net/security_center/static/11259.php",
"name" : "ie-showhelp-zone-bypass(11259)",
"refsource" : "XF",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html",
"name" : "20030206 showHelp(\"file:\") disables security in IE - Sandblad advisory #11",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/400577",
"name" : "VU#400577",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
}, {
"url" : "http://www.ciac.org/ciac/bulletins/n-038.shtml",
"name" : "N-038",
"refsource" : "CIAC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6780",
"name" : "6780",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57",
"name" : "oval:org.mitre.oval:def:57",
"refsource" : "OVAL",
"tags" : [ ]
}, {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004",
"name" : "MS03-004",
"refsource" : "MS",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka \"Improper Cross Domain Security Validation with ShowHelp functionality.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-02-19T05:00Z",
"lastModifiedDate" : "2018-10-12T21:33Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1329",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
"name" : "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/34670",
"name" : "34670",
"refsource" : "OSVDB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:washington_university:wu-ftpd:2.6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1330",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm",
"name" : "http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7226",
"name" : "7226",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11745",
"name" : "mailsweeper-onstrip-bypass-filter(11745)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom \"on strip unsuccessful\" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift_limited:mailsweeper:4.3.6_sp1:*:smtp:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1331",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/1303.html",
"name" : "20030612 libmysqlclient 4.x and below mysql_real_connect() buffer overflow.",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://bugs.mysql.com/bug.php?id=564",
"name" : "http://bugs.mysql.com/bug.php?id=564",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7887",
"name" : "7887",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12337",
"name" : "mysql-mysqlrealconnect-bo(12337)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:*:gamma:*:*:*:*:*:*",
"versionEndIncluding" : "4.0.9",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 4.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2019-10-07T16:42Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1332",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html",
"name" : "http://www.securiteam.com/exploits/5TP0M2AAKS.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html",
"name" : "RHSA-2003:096",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12749",
"name" : "samba-reply-nttrans-bo(12749)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in the reply_nttrans function in Samba 2.2.7a and earlier allows remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2003-0201."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.2.7a",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1333",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43",
"name" : "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/8bdc0e496226edd1/60e9179edb4a4d43",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to \"gain complete control\" of a server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.1.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.1.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:intersystems:cache_database:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2010-06-23T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1334",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.bitfolge.de/snif-en.html",
"name" : "http://www.bitfolge.de/snif-en.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kai_blankenhorn_bitfolge:simple_and_nice_index_file:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.2.6",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2010-06-23T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1335",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.bitfolge.de/snif-en.html",
"name" : "http://www.bitfolge.de/snif-en.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kai_blankenhorn_bitfolge:simple_and_nice_index_file:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.2.4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2010-06-23T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1336",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0060.html",
"name" : "20031015 mIRC Buffer Overflow in irc protocol handler",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html",
"name" : "http://www.securiteam.com/windowsntfocus/6M00B0U8KE.html",
"refsource" : "MISC",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8819",
"name" : "8819",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/2665",
"name" : "2665",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9996",
"name" : "9996",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13405",
"name" : "mirc-ircprotocol-execute-code(13405)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirc:mirc:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.1",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1337",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html",
"name" : "20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8062",
"name" : "8062",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12466",
"name" : "abyss-http-get-bo(12466)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1338",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html",
"name" : "20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2010-06-23T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1339",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=107090390002654&w=2",
"name" : "20031207 eZ Multiple Packages Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://seclists.org/bugtraq/2003/Dec/0195.html",
"name" : "20031211 eZ and eZphotoshare fixes",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.governmentsecurity.org/archive/t5390.html",
"name" : "http://www.governmentsecurity.org/archive/t5390.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1008412",
"name" : "1008412",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "https://www.exploit-db.com/exploits/133",
"name" : "133",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and (2) a long operation or autologin parameter to SwEzModule.dll."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezmeeting:ezmeeting:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezmeeting:ezmeeting:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ezmeeting:ezmeeting:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1340",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/323425",
"name" : "20030530 Php-Nuke:users and admins password hashes vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3185",
"name" : "3185",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/480866/100/0/threaded",
"name" : "20070927 Re: [waraxe-2007-SA#056] - Another Sql Injection in NukeSentinel 2.5.11",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpnuke:php-nuke:5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.5
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1341",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html",
"name" : "20030114 Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353",
"name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13353",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6616",
"name" : "6616",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/6181",
"name" : "6181",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7881",
"name" : "7881",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11059",
"name" : "officescan-cgichkmasterpwd-auth-bypass(11059)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default installation of Trend Micro OfficeScan 3.0 through 3.54 and 5.x allows remote attackers to bypass authentication from cgiChkMasterPasswd.exe and gain access to the web management console via a direct request to cgiMasterPwd.exe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.1.1:*:corporate_for_windows_nt_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate_for_windows_nt_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.0:*:corporate_for_windows_nt_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.5:*:corporate_for_windows_nt_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.54:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:virus_buster:3.52:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:virus_buster:3.53:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.11:*:corporate_for_windows_nt_server:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:officescan:3.13:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:virus_buster:3.54:*:corporate:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1342",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0020.html",
"name" : "20030114 Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html",
"name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6617",
"name" : "6617",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/6185",
"name" : "6185",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7881",
"name" : "7881",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11060",
"name" : "trend-vcs-activesupport-dos(11060)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:virus_control_system:1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2020-11-23T19:49Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1343",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html",
"name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352",
"name" : "http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=13352",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6619",
"name" : "6619",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7881",
"name" : "7881",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11061",
"name" : "scanmail-smgsmxcfg30-password-bypass(11061)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly \"3560121183d3\"."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:scanmail:*:*:microsoft_exchange:*:*:*:*:*",
"versionEndIncluding" : "3.8",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:scanmail:*:*:microsoft_exchange:*:*:*:*:*",
"versionEndIncluding" : "6.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1344",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0021.html",
"name" : "20030114 RE: [VulnWatch] Assorted Trend Vulns Rev 2.0",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6618",
"name" : "6618",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/7881",
"name" : "7881",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11063",
"name" : "trend-vcs-weak-encryption(11063)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to \"selects1\", which returns log files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:trend_micro:virus_control_system:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1345",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6574",
"name" : "6574",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104261317218210&w=2",
"name" : "20030114 Vulnerability in WebCollection Plus (TM)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11064",
"name" : "webcollection-plus-directory-traversal(11064)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\\ via a full pathname in the d parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:follett_software:webcollection_plus:5.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1346",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6609",
"name" : "6609",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005926",
"name" : "1005926",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104267037431451&w=2",
"name" : "20030114 D-Link DWL-900AP+ Security Hole",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104311601319909&w=2",
"name" : "20030116 Re: D-Link DWL-900AP+ Security Hole",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11074",
"name" : "dlink-airplus-restore-default(11074)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:d-link:dwl-900ap\\+:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:d-link:dwl-900ap\\+:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:d-link:dwl-900ap\\+:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1347",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/306770",
"name" : "20030114 Multiple XSS in Geeklog 1.3.7",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.geeklog.net/filemgmt/visit.php?lid=101",
"name" : "http://www.geeklog.net/filemgmt/visit.php?lid=101",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6601",
"name" : "6601",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6602",
"name" : "6602",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6603",
"name" : "6603",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3226",
"name" : "3226",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6604",
"name" : "6604",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11075",
"name" : "geeklog-php-scripts-xss(11075)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:geeklog:geeklog:1.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1348",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/308312",
"name" : "20030125 ftls.org Guestbook 1.1 Script Injection",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6686",
"name" : "6686",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3227",
"name" : "3227",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11155",
"name" : "guestbook-multiple-field-xss(11155)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ftls:guestbook:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1349",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0022.html",
"name" : "20030115 Directory traversal vulnerabilities found in NITE ftp-server version 1.83",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6648",
"name" : "6648",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005923",
"name" : "1005923",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7879",
"name" : "7879",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11062",
"name" : "niteserver-dotdot-directory-traversal(11062)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a \"\\..\" (backslash dot dot) in the CD (CWD) command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:thomas_krebs:niteserver_ftpd:1.83:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1350",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/308300",
"name" : "20030124 List Site Pro v2 user account Hijacking vulnerablity",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6685",
"name" : "6685",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3230",
"name" : "3230",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11156",
"name" : "listsitepro-account-hijacking(11156)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a \"|\" (pipe), which is used as a field delimiter, into the bannerurl field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:list_site_pro:list_site_pro:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1351",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/308162",
"name" : "20030124 Vulnerability in edittag.pl",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6675",
"name" : "6675",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3231",
"name" : "3231",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11159",
"name" : "edittag-dotdot-directory-traversal(11159)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a \"%2F..\" (encoded slash dot dot) in the file parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:greg_billock:edittag:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1352",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0179.html",
"name" : "20030115 Gabber 0.8.7 leaks presence information without user authorization",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6624",
"name" : "6624",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11115",
"name" : "gabber-information-leak(11115)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gabber:gabber:0.8.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1353",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0119.html",
"name" : "20030116 Outreach Project Tool",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6631",
"name" : "6631",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11096",
"name" : "opt-news-post-xss(11096)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lanifex:outreach_project_tool:0.946b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1354",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://seclists.org/lists/bugtraq/2003/Jan/0178.html",
"name" : "20030122 PivX Multi-Vendor Game Server dDoS Advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.pivx.com/kristovich/adv/mk001/",
"name" : "http://www.pivx.com/kristovich/adv/mk001/",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/securitynews/5EP0O0K8UO.html",
"name" : "http://www.securiteam.com/securitynews/5EP0O0K8UO.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6636",
"name" : "6636",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11084",
"name" : "battlefield-udp-query-dos(11084)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gamespy3d:gamespy_3d:2.62:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1355",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html",
"name" : "20030226 [VSA0307] Battlefield 1942 remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6967",
"name" : "6967",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11426",
"name" : "battlefield-remoteconsole-username-dos(11426)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 and 1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long user name and password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:electronic_arts:battlefield_1942:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:electronic_arts:battlefield_1942:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1356",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6640",
"name" : "6640",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0009.html",
"name" : "SSRT3454",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11107",
"name" : "hpux-sort-file-handling(11107)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758",
"name" : "oval:org.mitre.oval:def:5758",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The \"file handling\" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is \"incorrect,\" which allows attackers to gain access or cause a denial of service via unknown vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1357",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/308733",
"name" : "20030128 ProxyView default undocumented password",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6708",
"name" : "6708",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3228",
"name" : "3228",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11185",
"name" : "proxyview-administrator-default-password(11185)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:replicom:proxyview:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1358",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/324381",
"name" : "20030710 [LSD] HP-UX security vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/4960",
"name" : "HPSBUX0302-240",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6837",
"name" : "6837",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3236",
"name" : "3236",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11312",
"name" : "hp-rsf3000-daemon-access(11312)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1359",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/324381",
"name" : "20030610 [LSD] HP-UX security vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/4959",
"name" : "HPSBUX0302-241",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6836",
"name" : "6836",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3236",
"name" : "3236",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11313",
"name" : "hp-stmkfont-bo(11313)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5587",
"name" : "oval:org.mitre.oval:def:5587",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:avaya:predictive_dialer_system:12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:avaya:predictive_dialer_system:9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:avaya:predictive_dialer_system:11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1360",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/324381",
"name" : "20030610 [LSD] HP-UX security vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/advisories/4957",
"name" : "HPSBUX0302-243",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6834",
"name" : "6834",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3236",
"name" : "3236",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11314",
"name" : "hp-landiag-lanadmin-bo(11314)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the setupterm function of (1) lanadmin and (2) landiag programs of HP-UX 10.0 through 10.34 allows local users to execute arbitrary code via a long TERM environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.08:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.09:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1361",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0333.html",
"name" : "20030225 VERITAS Software Technical Advisory (fwd)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://seer.support.veritas.com/docs/254442.htm",
"name" : "http://seer.support.veritas.com/docs/254442.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://seer.support.veritas.com/docs/252933.htm",
"name" : "http://seer.support.veritas.com/docs/252933.htm",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6928",
"name" : "6928",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11418",
"name" : "veritas-bmr-root-access(11418)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:veritas:bare_metal_restore:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:3.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:3.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1362",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0033.html",
"name" : "HPSBUX0302-245",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6878",
"name" : "6878",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11366",
"name" : "hp-bastille-info-disclosure(11366)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:bastille:b.02.00.05:*:hp-ux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1363",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0149.html",
"name" : "20030212 Abyss WebServer Brute Force Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6842",
"name" : "6842",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11310.php",
"name" : "abyss-web-admin-bruteforce(11310)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.1.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1364",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0095.html",
"name" : "20030405 Abyss X1 1.1.2 remote crash",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7287",
"name" : "7287",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11718",
"name" : "abyss-http-get-dos(11718)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aprelium_technologies:abyss_web_server:1.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "COMPLETE",
"baseScore" : 8.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 7.8,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1365",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311414",
"name" : "20030211 Security bug in CGI::Lite::escape_dangerous_chars() function",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0065.html",
"name" : "20030211 Security bug in CGI::Lite::escape_dangerous_chars() function",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm",
"name" : "http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
}, {
"url" : "http://use.perl.org/~cbrooks/journal/10542",
"name" : "http://use.perl.org/~cbrooks/journal/10542",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6833",
"name" : "6833",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3237",
"name" : "3237",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11308",
"name" : "cgilite-shell-command-execution(11308)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) \"\\\" (backslash), (2) \"?\", (3) \"~\" (tilde), (4) \"^\" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:perl:cgi_lite:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1366",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/309962",
"name" : "20030203 ASA-0001: OpenBSD chpass/chfn/chsh file content leak",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.epita.fr/~bevand_m/asa/asa-0001",
"name" : "http://www.epita.fr/~bevand_m/asa/asa-0001",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6748",
"name" : "6748",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3238",
"name" : "3238",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006035",
"name" : "1006035",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11233",
"name" : "openbsd-chpass-information-disclosure(11233)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:openbsd:openbsd:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.3
},
"severity" : "LOW",
"exploitabilityScore" : 3.4,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1367",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/310113",
"name" : "20030204 Majordomo info leakage, all versions",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6761",
"name" : "6761",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3235",
"name" : "3235",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11243",
"name" : "majordomo-whichaccess-email-disclosure(11243)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to \"open\" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a \"which\" command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:great_circle_associates:majordomo:1.94.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:great_circle_associates:majordomo:1.94.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:great_circle_associates:majordomo:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1368",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html",
"name" : "20030204 Banner Buffer Overflows found in Multible FTP Clients",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6764",
"name" : "6764",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11234",
"name" : "32bit-ftp-banner-bo(11234)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:electrasoft:ftp_client:9.49.01:*:32bit:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1369",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0054.html",
"name" : "20030204 Banner Buffer Overflows found in Multible FTP Clients",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6762",
"name" : "6762",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11235",
"name" : "bytecatcher-ftp-banner-bo(11235)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:save_it_software_pty:bytecatcherftp:1.04b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1370",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0330.html",
"name" : "20030127 [SCSA-003] Multiple Cross Site Scripting & Script Injection Vulnerabilities in Nuked-Klan",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6697",
"name" : "6697",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6699",
"name" : "6699",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6700",
"name" : "6700",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11176",
"name" : "nuked-klan-index-xss(11176)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) \"La Tribune Libre\" in the Shoutbox module."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.2_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1371",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0276.html",
"name" : "20030221 [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6917",
"name" : "6917",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11424",
"name" : "nukedklan-information-disclosure(11424)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nuked-klan:nuked-klan:1.3_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1372",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html",
"name" : "20030219 myphpnuke xss",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6892",
"name" : "6892",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/3931",
"name" : "3931",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8125",
"name" : "8125",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11376",
"name" : "phpbb-index-sql-injection(11376)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:myphpnuke:myphpnuke:1.8.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1373",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html",
"name" : "20030220 phpBB Security Bugs",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6889",
"name" : "6889",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11407",
"name" : "phpbb-auth-read-files(11407)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1374",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0156.html",
"name" : "20030213 HPUX disable buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6845",
"name" : "6845",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11316",
"name" : "hp-lp-disable-bo(11316)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1375",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/310908",
"name" : "20030207 HPUX Wall Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/advisories/5369",
"name" : "HPSBUX0305-258",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6800",
"name" : "6800",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3264",
"name" : "3264",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11272",
"name" : "hp-wall-bo(11272)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5439",
"name" : "oval:org.mitre.oval:def:5439",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.04:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:10.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1376",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311059",
"name" : "20030208 Yet another plaintext attack to ZIP encryption scheme.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6805",
"name" : "6805",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3265",
"name" : "3265",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11296",
"name" : "winzip-pkzip-weak-encryption(11296)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1377",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/312924",
"name" : "20030223 sircd proof-of-concept / advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6924",
"name" : "6924",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11409",
"name" : "sircd-reverse-dns-bo(11409)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sircd:sircd:0.4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sircd:sircd:0.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "COMPLETE",
"baseScore" : 8.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 8.5,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1378",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/312910",
"name" : "20030223 O UT LO OK E XPRE SS 6 .00 : broken",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/312929",
"name" : "20030224 Re: O UT LO OK E XPRE SS 6 .00 : broken",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6923",
"name" : "6923",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11411",
"name" : "outlook-codebase-execute-programs(11411)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sr1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:outlook:2000:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "NONE",
"baseScore" : 8.8
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 9.2,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1379",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313080",
"name" : "20030225 clarkconnect(d) information disclosure",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6934",
"name" : "6934",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11419",
"name" : "clarkconnect-clarkconnectd-info-disclosure(11419)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:point_clark_networks:clarkconnect:1.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1380",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/312032",
"name" : "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6873",
"name" : "6873",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11347",
"name" : "bisonftp-ls-view-files(11347)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a \"mget @../FILE\" command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:bisonftp:bisonftp_server_4:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1381",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-134"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313273",
"name" : "20030226 [VSA0308] Half-Life AMX-Mod remote (root) hole",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6968",
"name" : "6968",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3258",
"name" : "3258",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11427",
"name" : "amx-amxsay-format-string(11427)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:amxmod.net:amx_mod:0.9.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1382",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313363",
"name" : "20030227 ISMAIL (All Versions) Remote Buffer Overrun",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6972",
"name" : "6972",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3254",
"name" : "3254",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11432",
"name" : "ismail-smtp-domain-bo(11432)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:instantservers_inc.:ismail:1.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1383",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313575",
"name" : "20030301 web-erp 0.1.4 database access vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6996",
"name" : "6996",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3257",
"name" : "3257",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11443",
"name" : "weberp-logicworks-ini-access(11443)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:logicworks:web_erp:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.1.4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1384",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2003/03/msg00024.html",
"name" : "20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-March/004015.html",
"name" : "20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0102.html",
"name" : "20030302 [SCSA-008] Cross Site Scripting & Script Injection Vulnerability in PY-Livredor",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.security-corp.org/advisories/SCSA-008.txt",
"name" : "http://www.security-corp.org/advisories/SCSA-008.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6997",
"name" : "6997",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11448",
"name" : "pylivredor-guestbook-xss(11448)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:py_software:py-livredor:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1385",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0099.html",
"name" : "20030227 Invision Power Board (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6976",
"name" : "6976",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/3357",
"name" : "3357",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8182",
"name" : "8182",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11435",
"name" : "invision-ipchat-file-include(11435)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1386",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0377.html",
"name" : "20030228 axis2400 webcams",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0370.html",
"name" : "20030325 Axis Video and Camera Servers - System log access and file access/overwrite via HTTP/CGI",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.websec.org/adv/axis2400.txt.html",
"name" : "http://www.websec.org/adv/axis2400.txt.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6980",
"name" : "6980",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11440",
"name" : "axis-messages-unauth-access(11440)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2400_video_server:2.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:axis:2401_video_server:2.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1387",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311194",
"name" : "20030209 Opera Username Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315794",
"name" : "20030320 Opara 6.06 Released, Security-Hole Left",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6811",
"name" : "6811",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3253",
"name" : "3253",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11281",
"name" : "opera-username-url-bo(11281)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1388",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0116.html",
"name" : "20030407 Unchecked Buffer in Opera 7.02",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11740",
"name" : "opera-long-url-bo(11740)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera:7.02_build_2668:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1389",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311176",
"name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6815",
"name" : "6815",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11294",
"name" : "cryptobuddy-truncate-weak-security(11294)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1390",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311176",
"name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11297",
"name" : "cryptobuddy-plaintext-password-bytes(11297)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1391",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311176",
"name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6810",
"name" : "6810",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11298",
"name" : "cryptobuddy-password-dictionary(11298)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1392",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311176",
"name" : "20030210 RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6812",
"name" : "6812",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11317",
"name" : "cryptobuddy-password-information-disclosure(11317)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:research_triangle_software:cryptobuddy:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "NONE",
"baseScore" : 6.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 9.2,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1393",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311159",
"name" : "20030210 Buffer OverFlow in SQLBase 8.1.0 - NII Advisory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/314379",
"name" : "20030308 NII Advisory - Buffer Overflow in SQLBase (Revised)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6808",
"name" : "6808",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8023",
"name" : "8023",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3256",
"name" : "3256",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11269",
"name" : "sqlbase-execute-long-bo(11269)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gupta_technologies:sqlbase:8.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 8.5
},
"severity" : "HIGH",
"exploitabilityScore" : 6.8,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1394",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313580",
"name" : "20030228 Easy obtaining User+Pass+More on CoffeeCup Password Wizard All Versions",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6995",
"name" : "6995",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3259",
"name" : "3259",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11447",
"name" : "coffeecup-password-file-retrieval(11447)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:coffeecup_software:coffeecup_password_wizard:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "4.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1395",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/309935",
"name" : "20030202 Denial of service against Kazaa Media Desktop v2",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6747",
"name" : "6747",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3252",
"name" : "3252",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11228",
"name" : "kazaa-automated-ad-bo(11228)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kazaa:kazaa_media_desktop:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kazaa:kazaa_media_desktop:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 8.5,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1396",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0346.html",
"name" : "20030427 [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7450",
"name" : "7450",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11894",
"name" : "opera-file-extension-bo(11894)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1397",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311214",
"name" : "20030210 Java-Applet crashes Opera 6.05 and 7.01",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6814",
"name" : "6814",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3255",
"name" : "3255",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11280",
"name" : "opera-plugincontextshowdocument-bo(11280)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1398",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0131.html",
"name" : "20030211 Field Notice - IOS Accepts ICMP Redirects in Non-default Configuration Settings",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6823",
"name" : "6823",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006075",
"name" : "1006075",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11306",
"name" : "cisco-ios-icmp-redirect(11306)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.1e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0st:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.0t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2s:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:cisco:ios:12.2t:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1399",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0278.html",
"name" : "20030222 eject 2.0.10 vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6914",
"name" : "6914",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11380",
"name" : "linux-eject-information-disclosure(11380)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eject:eject:2.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eject:eject:2.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:eject:eject:2.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 1.9
},
"severity" : "LOW",
"exploitabilityScore" : 3.4,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1400",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/309959",
"name" : "20030203 PHP-Nuke Avatar Code injection vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/310115",
"name" : "20030204 Re: PHP-Nuke Avatar Code injection vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6750",
"name" : "6750",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11229",
"name" : "phpnuke-avatar-code-execution(11229)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1401",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0069.html",
"name" : "20030215 php-Board (php)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6862",
"name" : "6862",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11338",
"name" : "phpboard-login-plaintext-passwords(11338)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:php_board:php_board:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1402",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0071.html",
"name" : "20030215 Kietu ( PHP )",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6863",
"name" : "6863",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/10754",
"name" : "10754",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.osvdb.org/3777",
"name" : "3777",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11341",
"name" : "kietu-hit-file-include(11341)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kietu:kietu:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kietu:kietu:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1403",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html",
"name" : "20030215 DotBr (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6864",
"name" : "6864",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/5091",
"name" : "5091",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11353",
"name" : "dotbr-foo-info-disclosure(11353)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dotbr:botbr:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1404",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html",
"name" : "20030215 DotBr (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6865",
"name" : "6865",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/5092",
"name" : "5092",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11354",
"name" : "dotbr-config-info-disclosure(11354)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dotbr:botbr:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1405",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0070.html",
"name" : "20030215 DotBr (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6866",
"name" : "6866",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6867",
"name" : "6867",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/5089",
"name" : "5089",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/5090",
"name" : "5090",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11355",
"name" : "dotbr-exec-execute-commands(11355)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dotbr:botbr:0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1406",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html",
"name" : "20030216 D-Forum (PHP)",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6879",
"name" : "6879",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11342",
"name" : "dform-header-file-include(11342)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adalis_infomatique:d_forum:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adalis_infomatique:d_forum:1.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adalis_infomatique:d_forum:1.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1407",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311359",
"name" : "20030211 SECURITY.NNOV: Windows NT 4.0/2000 cmd.exe long path buffer overflow/DoS",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6829",
"name" : "6829",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3251",
"name" : "3251",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11329",
"name" : "win-cmd-cd-bo(11329)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1408",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311660",
"name" : "20030212 Lotus Domino DOT Bug Allows for Source Code Viewing",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/311806",
"name" : "20030213 Re: Lotus Domino DOT Bug Allows for Source Code Viewing",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6841",
"name" : "6841",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11311",
"name" : "lotus-domino-dot-file-download(11311)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lotus:domino_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lotus:domino_server:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1409",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0049.html",
"name" : "20030204 TOPo 1.43 and prior - Path Disclosure (in.php, out.php)",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6768",
"name" : "6768",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8008",
"name" : "8008",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11248",
"name" : "topo-path-disclosure(11248)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ej3:topo:1.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1410",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311173",
"name" : "20030209 Cedric Email Reader (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6818",
"name" : "6818",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/5487",
"name" : "5487",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8024",
"name" : "8024",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278",
"name" : "cedric-email-file-include(11278)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isoca:cedric_email_reader:0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isoca:cedric_email_reader:0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1411",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311173",
"name" : "20030209 Cedric Email Reader (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6820",
"name" : "6820",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/5900",
"name" : "5900",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8024",
"name" : "8024",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11278",
"name" : "cedric-email-file-include(11278)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:isoca:cedric_email_reader:0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1412",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html",
"name" : "20030223 GOnicus System Administrator php injection",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6922",
"name" : "6922",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1006162",
"name" : "1006162",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8120",
"name" : "8120",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11408",
"name" : "gosa-plugin-file-include(11408)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/313282/30/25760/threaded",
"name" : "20030224 GOnicus System Administrator php injection",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gonicus:gonicus_system_administration:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1413",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313517",
"name" : "20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6992",
"name" : "6992",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3260",
"name" : "3260",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11445",
"name" : "darwin-dotdot-file-existence(11445)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using \"..\" sequences in the filename parameter and comparing the resulting error messages."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1414",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313517",
"name" : "20030228 Re: QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6990",
"name" : "6990",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3260",
"name" : "3260",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11446",
"name" : "darwin-dotdotdot-directory-traversal(11446)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:darwin_streaming_server:4.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apple:quicktime_streaming_server:4.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1415",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/312187",
"name" : "20030218 [SecurityOffice] Netcharts XBRL Server v4.0.0 Information Leakage Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6877",
"name" : "6877",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8091",
"name" : "8091",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3261",
"name" : "3261",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11345",
"name" : "netcharts-chunked-encoding-bo(11345)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:visual_mining:netcharts_xbrl_server:4.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1416",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/312032",
"name" : "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6869",
"name" : "6869",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11346",
"name" : "bisonftp-ls-cwd-dos(11346)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:bisonftp:bisonftp_server_4:r2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1417",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html",
"name" : "http://www.ncipher.com/support/advisories/advisory7_keyduplicates.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6927",
"name" : "6927",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104619088801750&w=2",
"name" : "20030225 nCipher Advisory #7: Unexpected copies of imported software keys",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11422",
"name" : "ncipher-duplicate-keys(11422)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ncipher:support_software:6.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.4,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1418",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.openbsd.org/errata32.html",
"name" : "[3.2] 008: SECURITY FIX: February 25, 2003",
"refsource" : "OPENBSD",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6939",
"name" : "6939",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6943",
"name" : "6943",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11438",
"name" : "apache-mime-information-disclosure(11438)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-20T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1419",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html",
"name" : "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6959",
"name" : "6959",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444",
"name" : "netscape-javascript-reformatdate-dos(11444)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1420",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313216",
"name" : "20030226 Secunia Research: Opera browser Cross Site Scripting",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6962",
"name" : "6962",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11423",
"name" : "opera-automatic-redirection-xss(11423)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1421",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6854",
"name" : "6854",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11340",
"name" : "suckbot-modmysqllogger-dos(11340)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:suckbot:suckbot:0.006:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1422",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
}, {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://syslinux.zytor.com/history.php",
"name" : "http://syslinux.zytor.com/history.php",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6876",
"name" : "6876",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8077",
"name" : "8077",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11351",
"name" : "syslinux-gain-privileges(11351)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gentoo:syslinux:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1423",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://securitytracker.com/id?1006117",
"name" : "1006117",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11358",
"name" : "petitforum-liste-info-disclosure(11358)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:petitforum:petitforum:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1424",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://securitytracker.com/id?1006117",
"name" : "1006117",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11359",
"name" : "petitforum-message-auth-bypass(11359)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:petitforum:petitforum:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1425",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html",
"name" : "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6882",
"name" : "6882",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11356",
"name" : "cpanel-guestbook-command-execution(11356)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1426",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0087.html",
"name" : "20030218 Cpanel 5 and below remote command execution and local root vulnerabilities",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6885",
"name" : "6885",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11357",
"name" : "cpanel-scriptfilename-gain-privileges(11357)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpanel:cpanel:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.3
},
"severity" : "LOW",
"exploitabilityScore" : 3.4,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1427",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311160",
"name" : "20030209 Bug in Netgear FM114P Wireless Router firmware",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6807",
"name" : "6807",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11279",
"name" : "netgear-fm114p-directory-traversal(11279)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:netgear:fm114p:1.4_beta_release_17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1428",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311161",
"name" : "20030210 Gallery 1.3.3",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6809",
"name" : "6809",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11284",
"name" : "gallery-album-insecure-directory(11284)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bharat_mediratta:gallery:1.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "ADJACENT_NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 6.5,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1429",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0088.html",
"name" : "20030219 [SCSA-005] Proxomitron Naoko Long Path Buffer Overflow/DoS",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11364",
"name" : "proxomitron-parameter-length-bo(11364)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:proxomitron:proxomitron_naoko:4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1430",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html",
"name" : "20030205 Unreal engine: results of my research",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html",
"name" : "20030211 Re: Epic Games threatens to sue security researchers",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6775",
"name" : "6775",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11299",
"name" : "ut-file-directory-traversal(11299)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a \"..\" (dot dot) in an unreal:// URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1431",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html",
"name" : "20030205 Unreal engine: results of my research",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html",
"name" : "20030211 Re: Epic Games threatens to sue security researchers",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.pivx.com/luigi/adv/ueng-adv.txt",
"name" : "http://www.pivx.com/luigi/adv/ueng-adv.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6774",
"name" : "6774",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11301",
"name" : "ut-url-memory-corruption(11301)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.1
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1432",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
}, {
"lang" : "en",
"value" : "CWE-189"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html",
"name" : "20030205 Unreal engine: results of my research",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html",
"name" : "20030211 Re: Epic Games threatens to sue security researchers",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0142.html",
"name" : "20030513 UT2003 client passive DoS exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6770",
"name" : "6770",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6772",
"name" : "6772",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12012",
"name" : "ut-negative-udp-dos(12012)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11305",
"name" : "ut-negative-memory-corruption(11305)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11302",
"name" : "ut-packet-dos(11302)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:demo_version_2206_win32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_linux:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:2199_win32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_tournament_2003:demo_version_2206_linux:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1433",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0063.html",
"name" : "20030205 Unreal engine: results of my research",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0142.html",
"name" : "20030211 Re: Epic Games threatens to sue security researchers",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.pivx.com/luigi/adv/ueng-adv.txt",
"name" : "http://www.pivx.com/luigi/adv/ueng-adv.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6771",
"name" : "6771",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11304",
"name" : "ut-join-request-dos(11304)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:226f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:433:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:epic_games:unreal_engine:436:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1434",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0244.html",
"name" : "20030220 login_ldap security announcement",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6903",
"name" : "6903",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11374",
"name" : "loginldap-password-bypass(11374)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pete_werner:login_ldap:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pete_werner:login_ldap:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1435",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0246.html",
"name" : "20030220 PHPNuke SQL Injection",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6887",
"name" : "6887",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11375",
"name" : "phpnuke-search-sql-injection(11375)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:5.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1436",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6731",
"name" : "6731",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securitytracker.com/id?1006031",
"name" : "1006031",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7986",
"name" : "7986",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11217",
"name" : "nukebrowser-php-file-include(11217)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:crossnuke:nukebrowser:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1437",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp",
"name" : "BEA03-25.00",
"refsource" : "BEA",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/6719",
"name" : "6719",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11220",
"name" : "weblogic-keystore-plaintext-passwords(11220)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11i:v1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:express:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:express:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
}, {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:6.2:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:redhat:linux:7.1:*:i386:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.11i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:ibm:aix:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
}, {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1438",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-362"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp",
"name" : "BEA03-26.01",
"refsource" : "BEA",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6717",
"name" : "6717",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006018",
"name" : "1006018",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11221",
"name" : "weblogic-clustered-race-condition(11221)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1439",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/309775",
"name" : "20030201 silc question - insecure memory",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6743",
"name" : "6743",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11244",
"name" : "silc-plaintext-account-information(11244)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/309941/30/26090/threaded",
"name" : "20030201 Re: silc question - insecure memory",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:silc:secure_internet_live_conferencing:0.9.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1440",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=137128",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=137128",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6739",
"name" : "6739",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7994",
"name" : "7994",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securitytracker.com/id?1006038",
"name" : "1006038",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11247",
"name" : "spamprobe-newlines-href-dos(11247)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:burton_computer_corporation:spamprobe:0.8a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1441",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.posadis.org/advisories/pos_adv_003.txt",
"name" : "http://www.posadis.org/advisories/pos_adv_003.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6799",
"name" : "6799",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.osvdb.org/3522",
"name" : "3522",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8018",
"name" : "8018",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11285",
"name" : "posadis-dns-packet-dos(11285)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:posadis:posadis:0.50.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1442",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html",
"name" : "20030211 Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6824",
"name" : "6824",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104619331706574&w=2",
"name" : "20030225 RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulne",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11290",
"name" : "ericsson-hm220dp-auth-bypass(11290)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:ericsson:hm220dp_adsl_modem:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1443",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html",
"name" : "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11292",
"name" : "kav-device-name-bypass(11292)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:4.0.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.4,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1444",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0130.html",
"name" : "20030211 SECURITY.NNOV: Kaspersky Antivirus DoS",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11291",
"name" : "kav-long-path-dos(11291)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kaspersky_lab:kaspersky_anti-virus:4.0.9.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.4,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1445",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/311334",
"name" : "20030211 SECURITY.NNOV: Far buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6822",
"name" : "6822",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3281",
"name" : "3281",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11293",
"name" : "far-long-path-bo(11293)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rarlab:far_manager:1.65:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rarlab:far_manager:1.70_beta_1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rarlab:far_manager:1.70_beta_4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1446",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0260.html",
"name" : "20030221 Rogue buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/6912",
"name" : "6912",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11382",
"name" : "rogue-saveintofile-bo(11382)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rogue:rogue:5.2-2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rogue:rogue:985.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:N/I:C/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "NONE",
"baseScore" : 4.9
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1447",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/310118",
"name" : "20030204 Weak password protection in WebSphere 4.0.4 XML configuration export",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/310796",
"name" : "20030206 Re: Weak password protection in WebSphere 4.0.4 XML configuration export",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6758",
"name" : "6758",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3277",
"name" : "3277",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11245",
"name" : "websphere-xml-weak-encryption(11245)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption algorithm (XOR and base64 encoding), which allows local users to decrypt passwords when the configuration file is exported to XML."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:websphere_application_server:4.0.4:*:advanced_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 1.9
},
"severity" : "LOW",
"exploitabilityScore" : 3.4,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1448",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html",
"name" : "http://www.immunitysec.com/downloads/advantages_of_block_based_analysis.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6766",
"name" : "6766",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11274",
"name" : "win2k-netbios-continuation-dos(11274)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2019-04-30T14:27Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1449",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0088.html",
"name" : "20030206 FW-1 NG FP3 Bug - Data flow problem when transferring large files",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6787",
"name" : "6787",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11295",
"name" : "esafe-gateway-filter-bypass(11295)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aladdin_knowledge_systems:esafe_gateway:3.5.126.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1450",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/312133",
"name" : "20030217 [argv] BitchX-353 Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003850.html",
"name" : "20030217 [argv] BitchX-353 Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.linuxsecurity.com/content/view/104622/104/",
"name" : "200302-11",
"refsource" : "GENTOO",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6880",
"name" : "6880",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3279",
"name" : "3279",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11363",
"name" : "bitchx-irc-namreply-dos(11363)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:1.0_c16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:1.0_c19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:1.0_c20cvs:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bitchx:bitchx:75p3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1451",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-02/0233.html",
"name" : "20030219 [SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.lac.co.jp/security/english/snsadv_e/61_e.html",
"name" : "http://www.lac.co.jp/security/english/snsadv_e/61_e.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html",
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2003.02.28.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6886",
"name" : "6886",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11365",
"name" : "nav-email-filename-bo(11365)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1452",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319811",
"name" : "20030428 Qpopper v4.0.x poppassd local root exploit",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0047.html",
"name" : "20030429 [INetCop Security Advisory] Qpopper v4.0.x poppassd local root",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7447",
"name" : "7447",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3268",
"name" : "3268",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11877",
"name" : "qpopper-poppassd-root-access(11877)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0_b14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.5_fc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:qualcomm:qpopper:4.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1453",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319715",
"name" : "20030425 XOOPS MyTextSanitizer CSS 1.3x & 2.x",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7434",
"name" : "7434",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3269",
"name" : "3269",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11872",
"name" : "xoops-mytextsanitizer-xss(11872)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:1.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1454",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319747",
"name" : "20030425 Invision Power Board Plaintext Password Disclosure Vuln",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7440",
"name" : "7440",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3276",
"name" : "3276",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11871",
"name" : "invision-admin-plaintext-password(11871)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_board:1.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_board:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:invision_power_services:invision_board:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1455",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=138437",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=138437",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7582",
"name" : "7582",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7590",
"name" : "7590",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12101",
"name" : "poptop-launchbcrelay-pptpctrlc-bo(12101)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:poptop:pptp_server:1.1.4b3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1456",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319763",
"name" : "20030426 Album.pl Vulnerability - Remote Command Execution",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720",
"name" : "http://perl.bobbitt.ca/yabbse/index.php?board=2;action=display;threadid=720",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7444",
"name" : "7444",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3270",
"name" : "3270",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11878",
"name" : "albumpl-command-execution(11878)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:unix:unix:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mike_bobbitt:album.pl:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.1",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"acInsufInfo" : true,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1457",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319946",
"name" : "20030429 Auerswald COMsuite/ Back Door",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7458",
"name" : "7458",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3282",
"name" : "3282",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11923",
"name" : "comsuite-runasositron-backdoor-account(11923)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Auerswald COMsuite CTI ControlCenter 3.1 creates a default \"runasositron\" user account with an easily guessable password, which allows local users or remote attackers to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:auerswald:comsuite_cti_controlcenter:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1458",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321000",
"name" : "20030509 ttcms and ttforum exploits",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7543",
"name" : "7543",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3278",
"name" : "3278",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12273",
"name" : "ttcms-profile-sql-injection(12273)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ttcms:ttforum:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ttcms:ttcms:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1459",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321000",
"name" : "20030509 ttcms and ttforum exploits",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7542",
"name" : "7542",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3278",
"name" : "3278",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12271",
"name" : "ttcms-ttforum-file-include(12271)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ttcms:ttcms:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ttcms:ttforum:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1460",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en",
"name" : "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7460",
"name" : "7460",
"refsource" : "BID",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:1.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ralf_hoffmann:worker_filemanager:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.6
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:36Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1461",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320323",
"name" : "20030502 HP-UX 11.0 /usr/lbin/rwrite",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/320371",
"name" : "20030503 rwrite buffer overflow in hp-ux",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7489",
"name" : "7489",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3283",
"name" : "3283",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11919",
"name" : "hp-rwrite-bo(11919)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4897",
"name" : "oval:org.mitre.oval:def:4897",
"refsource" : "OVAL",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:hp-ux:11.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1462",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-05/0058.html",
"name" : "20030504 Mod_Survey SYSBASE vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://gathering.itm.mh.se/modsurvey/SA20030504.txt",
"name" : "http://gathering.itm.mh.se/modsurvey/SA20030504.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://gathering.itm.mh.se/modsurvey/changelog.php",
"name" : "http://gathering.itm.mh.se/modsurvey/changelog.php",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7498",
"name" : "7498",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11861",
"name" : "modsurvey-nonexistent-survey-dos(11861)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash)."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.14e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.14d:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.15pre4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mod_survey:mod_survey:3.0.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1463",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319735",
"name" : "20030425 Path disclosure and file access on WebAdmin",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7438",
"name" : "7438",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7439",
"name" : "7439",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3286",
"name" : "3286",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11875",
"name" : "webadmin-webadmindll-view-files(11875)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11874",
"name" : "webadmin-webadmindll-path-disclosure(11874)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:2.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:webadmin:2.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.5
},
"severity" : "LOW",
"exploitabilityScore" : 6.8,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1464",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320555",
"name" : "20030506 Siemens Mobile Phone - Buffer Overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7507",
"name" : "7507",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3287",
"name" : "3287",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11950",
"name" : "siemens-sms-image-bo(11950)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in Siemens 45 series mobile phones allows remote attackers to cause a denial of service (disconnect and unavailable inbox) via a Short Message Service (SMS) message with a long image name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:siemens:m45:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:siemens:s45:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1465",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321310",
"name" : "20030513 Phorum Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7569",
"name" : "7569",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3288",
"name" : "3288",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12482",
"name" : "phorum-download-directory-traversal(12482)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1466",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321310",
"name" : "20030513 Phorum Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7581",
"name" : "7581",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7583",
"name" : "7583",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3288",
"name" : "3288",
"refsource" : "SREASON",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1467",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321310",
"name" : "20030513 Phorum Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7572",
"name" : "7572",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7573",
"name" : "7573",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7576",
"name" : "7576",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7577",
"name" : "7577",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7584",
"name" : "7584",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3288",
"name" : "3288",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12502",
"name" : "phorum-register-html-injection(12502)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12487",
"name" : "phorum-multiple-xss(12487)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:unix:unix:any_version:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.4.2",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1468",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321313",
"name" : "20030512 Re: Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7589",
"name" : "7589",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12436",
"name" : "phpnuke-weblinks-path-disclosure(12436)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1469",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319867",
"name" : "20030426 NII Advisory - Path Disclosure in Cold Fusion MX Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.nii.co.in/vuln/pdmac.html",
"name" : "http://www.nii.co.in/vuln/pdmac.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7443",
"name" : "7443",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3307",
"name" : "3307",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11879",
"name" : "coldfusion-mx-path-disclosure(11879)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The default configuration of ColdFusion MX has the \"Enable Robust Exception Information\" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_nt:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion_professional:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:macromedia:coldfusion:*:*:developer:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1470",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319879",
"name" : "20030427 MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7446",
"name" : "7446",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3296",
"name" : "3296",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11896",
"name" : "mdaemon-imap-create-bo(11896)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a CREATE command with a long mailbox name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:6.7.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.0
},
"severity" : "HIGH",
"exploitabilityScore" : 8.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1471",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/04/msg00364.html",
"name" : "20030428 MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-04/0359.html",
"name" : "20030428 RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7445",
"name" : "7445",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11882",
"name" : "mdaemon-pop3-negative-dos(11882)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alt-n:mdaemon:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "6.0.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 6.8,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1472",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319818",
"name" : "20030428 Buffer overflow in 3D-ftp",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7451",
"name" : "7451",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3297",
"name" : "3297",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11883",
"name" : "3dftp-ftp-banner-bo(11883)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:3d-ftp:3d-ftp:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1473",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html",
"name" : "20030509 ltris-and-slashem-tty possible trouble",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/321001",
"name" : "20030508 ltris-and-slashem-tty possible trouble",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7537",
"name" : "7537",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11978",
"name" : "ltris-bo(11978)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid \"games\" permission via a long HOME environment variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lgames:ltris:1.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1474",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-05/0122.html",
"name" : "20030509 ltris-and-slashem-tty possible trouble",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/321001",
"name" : "20030508 ltris-and-slashem-tty possible trouble",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.iss.net/security_center/static/11979.php",
"name" : "slashem-tty-insecure-permissions(11979)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:freebsd:slashem-tty:0.0.6e.4f.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1475",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320980",
"name" : "20030509 Netbus 1.x exploit",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7538",
"name" : "7538",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3289",
"name" : "3289",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11982",
"name" : "netbus-password-authentication-bypass(11982)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netbus:netbus:1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netbus:netbus:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netbus:netbus:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1476",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues",
"name" : "http://www.cerberusftp.com/cerberus-releasenotes.htm#KnownIssues",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7556",
"name" : "7556",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cerberus:ftp_server:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 2.1
},
"severity" : "LOW",
"exploitabilityScore" : 3.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1477",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm",
"name" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7562",
"name" : "7562",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12052",
"name" : "mailsweeper-powerpoint-file-dos(12052)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains \"embedded objects.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:all_windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper_for_smtp:4.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper_for_smtp:4.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1478",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320266",
"name" : "20030502 Re: April appeared to be a month of IE bugs. Here",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7486",
"name" : "7486",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11971",
"name" : "kde-konqueror-dos(11971)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of service (core dump) via a web page that begins with a \"xFFxFE\" byte sequence and a large number of CRLF sequences, as demonstrated using freeze.htm."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kde:konqueror:3.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1479",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320345",
"name" : "20030502 Code Injection Vulnerabilities in WebcamXP Chat Feature",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt",
"name" : "http://www.frame4.com/content/advisories/FSA-2003-002.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7490",
"name" : "7490",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3304",
"name" : "3304",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11952",
"name" : "webcamxp-multiple-xss(11952)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:darkwet:webcam_xp:1.02.432:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:darkwet:webcam_xp:1.02.535:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1480",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/tools/5WP031FA0U.html",
"name" : "http://www.securiteam.com/tools/5WP031FA0U.html",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7500",
"name" : "7500",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8753",
"name" : "8753",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.20.32a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.22.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.35:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2019-12-17T17:11Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1481",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320438",
"name" : "20030504 CommuniGatePro 4.0.6 [EXPLOIT]",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7501",
"name" : "7501",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3290",
"name" : "3290",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11932",
"name" : "communigate-pro-session-hijacking(11932)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer field for an HTTP request for an image, which allows remote attackers to hijack mail sessions via an e-mail with an IMG tag that references a malicious URL that captures the referer."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.2_b5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.2_b7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0_b2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.3_b2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.4_b3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:4.0_b3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.3_b1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:stalker:communigate_pro:3.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1482",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kurczaba.com/html/security/0305031.htm",
"name" : "http://www.kurczaba.com/html/security/0305031.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7496",
"name" : "7496",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006691",
"name" : "1006691",
"refsource" : "SECTRACK",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:microsoft:mn-500_wireless_base_station:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1483",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
}, {
"lang" : "en",
"value" : "CWE-310"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c",
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/flashfxp_decrypt.c",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7499",
"name" : "7499",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securitytracker.com/id?1006730",
"name" : "1006730",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12298",
"name" : "flashfxp-weak-password-encryption(12298)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:flashfxp:flashfxp:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1484",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320544",
"name" : "20030505 Crash in Internet Explorer 6.0 Sp1",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7502",
"name" : "7502",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3292",
"name" : "3292",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11946",
"name" : "ie-anchorclick-dos(11946)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick \"A\" object with a blank href attribute."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1485",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm",
"name" : "http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7568",
"name" : "7568",
"refsource" : "BID",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains \"multiple extensions combined with large blocks of white space.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.6_sp1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:clearswift:mailsweeper:4.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1486",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321310",
"name" : "20030513 Phorum Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7571",
"name" : "7571",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3288",
"name" : "3288",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12499",
"name" : "phorum-multiple-path-disclosure(12499)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1487",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/321310",
"name" : "20030513 Phorum Vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7574",
"name" : "7574",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7578",
"name" : "7578",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/7579",
"name" : "7579",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3288",
"name" : "3288",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12500",
"name" : "phorum-command-execution(12500)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple \"command injection\" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1488",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7427",
"name" : "7427",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8683",
"name" : "8683",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=vulnwatch&m=105128431109082&w=2",
"name" : "20030425 True Galerie 1.0 : Admin Access & File Copy",
"refsource" : "VULNWATCH",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11886",
"name" : "truegalerie-verifadmin-admin-access(11886)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:truelogik:truegalerie:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1489",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://secunia.com/advisories/8683",
"name" : "8683",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://marc.info/?l=vulnwatch&m=105128431109082&w=2",
"name" : "20030425 True Galerie 1.0 : Admin Access & File Copy",
"refsource" : "VULNWATCH",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:truegalerie:truegalerie:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2016-10-18T02:39Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1490",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319712",
"name" : "20030424 SonicWall Pro DoS?",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7435",
"name" : "7435",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3291",
"name" : "3291",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11876",
"name" : "sonicwallpro-http-post-dos(11876)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:sonicwall:pro100:6.4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:sonicwall:pro200:6.4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:sonicwall:pro300:6.4.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1491",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
}, {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q2/0352.html",
"name" : "20030422 UDP bypassing in Kerio Firewall 2.1.4",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/securitynews/5FP0N1P9PI.html",
"name" : "http://www.securiteam.com/securitynews/5FP0N1P9PI.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7436",
"name" : "7436",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11880",
"name" : "kerio-pf-firewall-bypass(11880)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:kerio:personal_firewall:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1492",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-59"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/319919",
"name" : "20030429 \"netscape navigator\" is cracked.",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7456",
"name" : "7456",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11924",
"name" : "netscape-domain-obtain-info(11924)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access cookie information in a different domain via an HTTP request for a domain with an extra . (dot) at the end."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netscape:navigator:7.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1493",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0019.html",
"name" : "HPSBUX0310-291",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8859",
"name" : "8859",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13467",
"name" : "openview-nnm-packet-dos(13467)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:hp_ux_11.x:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:nt_4.x_windows_2000:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:5.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:hp_ux_10.x:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:hp_ux_11.x:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:hp_ux_10.x:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.31:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.1:*:hp_ux_11.x:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:nt_4.x_windows_2000:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:solaris:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1494",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
}, {
"lang" : "en",
"value" : "CWE-399"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/hp/2003-q4/0019.html",
"name" : "HPSBUX0310-291",
"refsource" : "HP",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8859",
"name" : "8859",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13467",
"name" : "openview-nnm-packet-dos(13467)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (CPU consumption) via a crafted TCP packet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:openview_network_node_manager:6.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1495",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2003.1357.1",
"name" : "SSRT3632",
"refsource" : "COMPAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8878",
"name" : "8878",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13496",
"name" : "hp-management-gain-privileges(13496)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:insight_management_suite:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:insight_management_suite:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:insight_manager:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:insight_manager:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:remote_diagnostics_enabling_agent:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:hp:insight_management_suite:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1496",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/advisories/5973",
"name" : "SSRT3589",
"refsource" : "COMPAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8813",
"name" : "8813",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9990",
"name" : "9990",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13418",
"name" : "tru64-dtmailpr-gain-privileges(13418)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f_pk7_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f_pk8_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk5_bl19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk6_bl20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0g:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0g_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk1_bl1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk2_bl2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0g_pk4_bl22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk4_bl21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk5_bl23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk3_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1a_pk3_bl3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:4.0f_pk6_bl17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:hp:tru64:5.1_pk4_bl18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1497",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341309",
"name" : "20031015 LinkSys EtherFast Router Denial of Service Attack",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.linksys.com/download/vertxt/befsx41_1453.txt",
"name" : "http://www.linksys.com/download/vertxt/befsx41_1453.txt",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8834",
"name" : "8834",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3298",
"name" : "3298",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13436",
"name" : "linksys-etherfast-logpagenum-dos(13436)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:linksys:befsx41:1.43.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:S/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 6.8,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1498",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html",
"name" : "20031014 Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine",
"refsource" : "BUGTRAQ",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/8823",
"name" : "8823",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13431",
"name" : "zoom-search-xss(13431)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wrensoft:zoom_search_engine:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0_build_1018",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1499",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0200.html",
"name" : "20031019 ByteHoard Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012430.html",
"name" : "20031019 ByteHoard Directory Traversal Vulnerability",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/unixfocus/6L00L008KE.html",
"name" : "http://www.securiteam.com/unixfocus/6L00L008KE.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8850",
"name" : "8850",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13456",
"name" : "bytehoard-dotdot-directory-traversal(13456)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in index.php in Bytehoard 0.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the infolder parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bytehoard:bytehoard:0.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1500",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341757",
"name" : "20031019 ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864",
"name" : "http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securiteam.com/unixfocus/6H00E2K8KG.html",
"name" : "http://www.securiteam.com/unixfocus/6H00E2K8KG.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8851",
"name" : "8851",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3301",
"name" : "3301",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13457",
"name" : "cpCommerce-functionsphp-file-include(13457)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cpcommerce:cpcommerce:0.5f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1501",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341870",
"name" : "20031020 Gast Arbeiter Privilege Escalation",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8858",
"name" : "8858",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13469",
"name" : "gast-arbeiter-file-upload(13469)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gast_arbeiter:gast_arbeiter:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1502",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html",
"name" : "20031015 Mod-Throttle [was: client attacks server - XSS]",
"refsource" : "FULLDISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8822",
"name" : "8822",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:snert.com:mod_throttle:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1503",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0059.html",
"name" : "20031015 Buffer Overflow in AOL Instant Messager",
"refsource" : "NTBUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.digitalpranksters.com/advisories/aol/AIMProtocolBO.html",
"name" : "http://www.digitalpranksters.com/advisories/aol/AIMProtocolBO.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8825",
"name" : "8825",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13443",
"name" : "aim-getfile-screenname-bo(13443)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:aol:instant_messenger:5.2.3292:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1504",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341760",
"name" : "20031018 Get admin level on Goldlink script v3.0",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8847",
"name" : "8847",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3302",
"name" : "3302",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13465",
"name" : "goldlink-variables-gain-access(13465)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goldscripts:goldlink:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1505",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342010",
"name" : "20031022 IE6 CSS-Crash",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8874",
"name" : "8874",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3295",
"name" : "3295",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13809",
"name" : "ie-scrollbarbasecolor-dos(13809)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1506",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342160",
"name" : "20031022 CensorNet: Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342551",
"name" : "20031027 Re: CensorNet: Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/342577",
"name" : "20031027 Re: CensorNet: Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8876",
"name" : "8876",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3299",
"name" : "3299",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13507",
"name" : "censornet-cgi-xss(13507)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix CensorNet 3.0 through 3.2 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the DENIEDURL parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.1_r5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.1_r6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:daniel_barron:dansguardian:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1507",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341329",
"name" : "20031015 Few issues previously unpublished in English",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8837",
"name" : "8837",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1007924",
"name" : "1007924",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13446",
"name" : "wgsd-default-admin-account(13446)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default \"superuser\" account with the \"planet\" password, which allows remote attackers to gain administrative access."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:planet_technology_corp:wgsd-1020:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:planet_technology_corp:wsw-2401:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1508",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/342179",
"name" : "20031023 (Fw) : mIRC 6.12 (latest) DCC Exploit",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.irchelp.org/irchelp/mirc/exploit.html",
"name" : "http://www.irchelp.org/irchelp/mirc/exploit.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8880",
"name" : "8880",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3303",
"name" : "3303",
"refsource" : "SREASON",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:mirc:mirc:6.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1509",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://service.real.com/help/faq/security/securityupdate_october2003.html",
"name" : "http://service.real.com/help/faq/security/securityupdate_october2003.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8839",
"name" : "8839",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13445",
"name" : "realoneplayer-temporary-script-execution(13445)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file before the temp file is executed by the default web browser."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_enterprise_desktop:6.0.11.774:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.818:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.830:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.841:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:realnetworks:realone_player:6.0.11.853:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1510",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html",
"name" : "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8810",
"name" : "8810",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13402",
"name" : "tinyweb-httpget-dos(13402)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a \".%00.\" in an HTTP GET request to the cgi-bin directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:rit_research_labs:tinyweb:1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1511",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341452",
"name" : "20031016 CSS Vulnerability in Bajie HTTP JServer",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8841",
"name" : "8841",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10023",
"name" : "10023",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3306",
"name" : "3306",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.geocities.com/gzhangx/websrv/docs/security.html",
"name" : "http://www.geocities.com/gzhangx/websrv/docs/security.html",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the cookiename parameter to the CookieExample servlet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxc:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxe1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxv4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:d:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxe:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1512",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8818",
"name" : "8818",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause a denial of service (crash) via a long DCC SEND request."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:khaled_mardam-bey:mirc:6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:khaled_mardam-bey:mirc:6.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1513",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012361.html",
"name" : "20031019 Caucho Resin 2.x - Cross Site Scripting",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8852",
"name" : "8852",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/10031",
"name" : "10031",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13460",
"name" : "resin-name-comment-xss(13460)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tictactoe.jsp, or the (5) name or (6) comment fields to guestbook.jsp."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.1.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:caucho_technology:resin:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1514",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341754",
"name" : "20031019 eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8854",
"name" : "8854",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3294",
"name" : "3294",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13464",
"name" : "emule-long-password-dos(13464)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "eMule 0.29c allows remote attackers to cause a denial of service (crash) via a long password, possibly due to a buffer overflow."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:emule:emule:0.29c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1515",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341752",
"name" : "20031012 Origo ASR-8100 ADSL router remote factory reset",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8855",
"name" : "8855",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3300",
"name" : "3300",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13463",
"name" : "origo-default-settings-restore(13463)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:origo:asr-8100:adsl_router_3.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:h:origo:asr-8400:adsl_router:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1516",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341815",
"name" : "20031020 Cross Site Java applets",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8857",
"name" : "8857",
"refsource" : "BID",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2_01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1517",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/securitynews/6T00T008KG.html",
"name" : "http://www.securiteam.com/securitynews/6T00T008KG.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8860",
"name" : "8860",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13461",
"name" : "dansie-cartpl-path-disclosure(13461)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dansie:shopping_cart:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1518",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/6L00F158KE.html",
"name" : "http://www.securiteam.com/windowsntfocus/6L00F158KE.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.adiscon.com/Common/en/advisory/2003-09-15.asp",
"name" : "http://www.adiscon.com/Common/en/advisory/2003-09-15.asp",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8821",
"name" : "8821",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13428",
"name" : "winsyslog-long-syslog-dos(13428)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a long syslog message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adiscon:winsyslog:4.21_sp1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:adiscon:winsyslog:5.0_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1519",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/8862",
"name" : "8862",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securitytracker.com/id?1007955",
"name" : "1007955",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13452",
"name" : "vívísimo-clustering-engine-xss(13452)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:vivisimo:clustering_engine:0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1520",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341908",
"name" : "20031021 SQL Injection Vulnerability in FuzzyMonkey MyClassifieds SQL Version",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes",
"name" : "http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8863",
"name" : "8863",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://securityreason.com/securityalert/3293",
"name" : "3293",
"refsource" : "SREASON",
"tags" : [ "Exploit", "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fuzzymonkey:myclassifieds:2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1521",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341943",
"name" : "20031021 IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8867",
"name" : "8867",
"refsource" : "BID",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2_01:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:java_plug-in:1.4.2_02:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1522",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/6S00S008KW.html",
"name" : "http://www.securiteam.com/windowsntfocus/6S00S008KW.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.pscs.co.uk/products/vpop3/whatsnew.html",
"name" : "http://www.pscs.co.uk/products/vpop3/whatsnew.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8869",
"name" : "8869",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13459",
"name" : "vpop3-login-xss(13459)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pscs:vpop3_web_mail_server:2.0e:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pscs:vpop3_web_mail_server:2.0f:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1523",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://mailman.fastxs.net/pipermail/dbmail/2003-July/003252.html",
"name" : "[Dbmail] 20030725 WARNING SECURITY FLAW IN IMAPSERVER",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8829",
"name" : "8829",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/10001",
"name" : "10001",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13416",
"name" : "dbmail-multiple-sql-injection(13416)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dbmail:dbmail:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dbmail:dbmail:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1524",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html",
"name" : "http://www.securiteam.com/windowsntfocus/6M00L0K8KI.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8870",
"name" : "8870",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13490",
"name" : "pgpdisk-obtain-information(13490)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:pgpi:pgpdisk:6.0.2i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "NONE",
"baseScore" : 6.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.4,
"impactScore" : 9.2,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1525",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html",
"name" : "http://www.fuzzymonkey.org/newfuzzy/software/perl/photo/README.html",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/8872",
"name" : "8872",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13498",
"name" : "myphotogallery-unknown-vulnerabilities(13498)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:my_photo_gallery:my_photo_gallery:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "3.5",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1526",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/341743",
"name" : "20031018 PHP-Nuke Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/8848",
"name" : "8848",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) \", (2) ', or (3) > in the search field, which reveals the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1527",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://online.securityfocus.com/archive/1/294411",
"name" : "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/5917",
"name" : "5917",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.iss.net/security_center/static/10314.php",
"name" : "firewall-autoblock-spoofing-dos(10314)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:internet_security_systems_blackice_defender:2.9cap:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iss:blackice_server_protection:3.5.cdf:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1528",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-59"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/9446",
"name" : "9446",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1008801",
"name" : "1008801",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3353",
"name" : "3353",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/350237/30/21640/threaded",
"name" : "20040119 Networker 6.0 - possible symlink attack",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fujitsu:siemens_networker:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.2
},
"severity" : "HIGH",
"exploitabilityScore" : 3.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1529",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0357.html",
"name" : "20030325 IRM 005: JWalk Application Server Version 3.2c9 Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.irmplc.com/advisory/adv5.htm",
"name" : "http://www.irmplc.com/advisory/adv5.htm",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7160",
"name" : "7160",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4927",
"name" : "4927",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006378",
"name" : "1006378",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8411",
"name" : "8411",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11623",
"name" : "jwalk-dotdot-directory-traversal(11623)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a \".%252e\" (encoded dot dot) in the URL."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:seagull_software_systems:j_walk_application_server:3.2c9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1530",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0125.html",
"name" : "20030116 phpBB SQL Injection vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6634",
"name" : "6634",
"refsource" : "BID",
"tags" : [ "Exploit", "Patch" ]
}, {
"url" : "http://www.osvdb.org/4277",
"name" : "4277",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7887/",
"name" : "7887",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/307212/30/26300/threaded",
"name" : "20030117 phpBB SQL Injection vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpbb:phpbb:2.0.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : true,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1531",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=104878375423320&w=2",
"name" : "20030327 [SCSA-013] Cross Site Scripting vulnerability in testcgi.exe",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR",
"name" : "http://www.security-corporation.com/index.php?id=advisories&a=013-FR",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7214",
"name" : "7214",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006391",
"name" : "1006391",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8456",
"name" : "8456",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11638",
"name" : "ceilidh-textcgi-xss(11638)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:lilikoi:ceilidh:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.70",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1532",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6746",
"name" : "6746",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1006030",
"name" : "1006030",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/7990",
"name" : "7990",
"refsource" : "SECUNIA",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3348",
"name" : "3348",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/309921/30/26090/threaded",
"name" : "20030203 phpMyShop (php)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:julien_desaunay:phpmyshop:1.00:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1533",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/6594",
"name" : "6594",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1005948",
"name" : "1005948",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3349",
"name" : "3349",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/307224/30/26300/threaded",
"name" : "20030113 phpPass (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phppass:phppass:2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1534",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7233",
"name" : "7233",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006412",
"name" : "1006412",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8475",
"name" : "8475",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3347",
"name" : "3347",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316745/30/25280/threaded",
"name" : "20030329 Justice Guestbook 1.3 vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:justice_media:guestbook:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1535",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7234",
"name" : "7234",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1006412",
"name" : "1006412",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8475",
"name" : "8475",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3347",
"name" : "3347",
"refsource" : "SREASON",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316745/30/25280/threaded",
"name" : "20030329 Justice Guestbook 1.3 vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:justice_media:guestbook:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1536",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html",
"name" : "20030318 Some XSS vulns",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7141",
"name" : "7141",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7144",
"name" : "7144",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.osvdb.org/7021",
"name" : "7021",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/7022",
"name" : "7022",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8358",
"name" : "8358",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11602",
"name" : "dcpportal-search-calendar-xss(11602)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Technologies DCP-Portal 5.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the q parameter to search.php and (2) the year parameter to calendar.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:dcp-portal:dcp-portal:5.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-07-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1537",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0117.html",
"name" : "20030309 Postnuke v 0.723 SQL injection and directory traversing",
"refsource" : "VULNWATCH",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:postnuke_software_foundation:postnuke:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.723",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1538",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/linux/security/advisories/2003_005_susehelp.html",
"name" : "SUSE-SA:2003:005",
"refsource" : "SUSE",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005954",
"name" : "1005954",
"refsource" : "SECTRACK",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7906",
"name" : "7906",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:suse:suse_linux:8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:suse:suse_linux_openexchange_server:4.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:suse:office_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:suse:suse_linux:8:*:enterprise_server:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.4
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1539",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=144274",
"name" : "http://sourceforge.net/project/shownotes.php?release_id=144274",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842",
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=695597&group_id=60333&atid=493842",
"refsource" : "CONFIRM",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/7035",
"name" : "7035",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/8257",
"name" : "8257",
"refsource" : "SECUNIA",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:onedotoh:simple_file_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.19",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1540",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7147",
"name" : "7147",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006352",
"name" : "1006352",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8396",
"name" : "8396",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3645",
"name" : "3645",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11571",
"name" : "wf-chat-plaintext-passwords(11571)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315583/30/25430/threaded",
"name" : "20030319 WF-Chat",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wfchat:wfchat:1.0:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1541",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7167",
"name" : "7167",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006360",
"name" : "1006360",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8392",
"name" : "8392",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3653",
"name" : "3653",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11609",
"name" : "guestbooktr3a-plaintext-password-disclosure(11609)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315895/30/25400/threaded",
"name" : "20030321 Guestbook tr3.a",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:planetmoon:guestbook:tr3.a.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1542",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://platon.sk/projects/release_view_page.php?release_id=2",
"name" : "http://platon.sk/projects/release_view_page.php?release_id=2",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/bid/6933",
"name" : "6933",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8183",
"name" : "8183",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ondrej_jombik:phpwebfilemanager:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.4",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T20:37Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1543",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.geocities.com/gzhangx/websrv/docs/security.html",
"name" : "http://www.geocities.com/gzhangx/websrv/docs/security.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.lucaercoli.it/advs/bajie.txt",
"name" : "http://www.lucaercoli.it/advs/bajie.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securiteam.com/securitynews/5LP10009FC.html",
"name" : "http://www.securiteam.com/securitynews/5LP10009FC.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7344",
"name" : "7344",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006428",
"name" : "1006428",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8477",
"name" : "8477",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11687",
"name" : "bajie-error-message-xss(11687)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxc:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:bajie:java_http_server:0.95:zxe:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-08-08T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1544",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/308059",
"name" : "20030123 DoS attack on Windows 2000 Terminal Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/308164",
"name" : "20030124 RE: DoS attack on Windows 2000 Terminal Server",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://support.microsoft.com/kb/815225/en-us",
"name" : "815225",
"refsource" : "MSKB",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6672",
"name" : "6672",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1005986",
"name" : "1005986",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/7959",
"name" : "7959",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3654",
"name" : "3654",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11816",
"name" : "win2k-terminal-msgina-permissions(11816)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11141",
"name" : "win2k-terminal-msgina-dos(11141)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unrestricted critical resource lock in Terminal Services for Windows 2000 before SP4 and Windows XP allows remote authenticated users to cause a denial of service (reboot) by obtaining a read lock on msgina.dll, which prevents msgina.dll from being loaded."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:srv:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_2000:*:sp3:adv_srv:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "SINGLE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-08-08T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1545",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-22"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/316198/30/25340/threaded",
"name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316233/30/25340/threaded",
"name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316341/30/25310/threaded",
"name" : "20030325 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316327/30/25340/threaded",
"name" : "20030326 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7191",
"name" : "7191",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006377",
"name" : "1006377",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316585/30/25310/threaded",
"name" : "20030327 Re: PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316209/30/25340/threaded",
"name" : "20030325 Re: PHPNuke viewpage.php and another SQL injections",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316179/30/25340/threaded",
"name" : "20030325 PHPNuke viewpage.php allows Remote File retrieving",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:nukestyles:viewpage:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:phpnuke:nukestyles_viewpage_module:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1546",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-03/0219.html",
"name" : "20030314 Guestbook v1.1.3 CSS Vuln",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7104",
"name" : "7104",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006289",
"name" : "1006289",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8317",
"name" : "8317",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11540",
"name" : "filebased-guestbook-gbook-xss(11540)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:filebased:guestbook:1.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-08-08T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1547",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7248",
"name" : "7248",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8478",
"name" : "8478",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3718",
"name" : "3718",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11675",
"name" : "phpnuke-blockforums-subject-xss(11675)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/317230/30/25220/threaded",
"name" : "20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316925/30/25250/threaded",
"name" : "20030331 PHP-Nuke block-Forums.php subject vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1548",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7126",
"name" : "7126",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1006308",
"name" : "1006308",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8320",
"name" : "8320",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3717",
"name" : "3717",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11556",
"name" : "myabracadaweb-index-path-disclosure(11556)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315317/30/25460/threaded",
"name" : "20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sensitive information via an invalid IDAdmin or other parameter, which reveals the installation path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:myabracadaweb:myabracadaweb:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1549",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip",
"name" : "http://www.security-corporation.com/download/patch/MyABraCaDaWebv1.0.2XSSpatch.zip",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.webmaster-mag.net/?module=distridoc&idCat=3",
"name" : "http://www.webmaster-mag.net/?module=distridoc&idCat=3",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7127",
"name" : "7127",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006308",
"name" : "1006308",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8320",
"name" : "8320",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3717",
"name" : "3717",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11557",
"name" : "myabracadaweb-index-makw-xss(11557)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315317/30/25460/threaded",
"name" : "20030317 [SCSA-010] Path Disclosure & Cross Site Scripting Vulnerability in MyABraCaDaWeb",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:myabracadaweb:myabracadaweb:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "1.0.2",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1550",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=104820295115420&w=2",
"name" : "20030320 [SCSA-011] Path Disclosure Vulnerability in XOOPS",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://marc.info/?l=bugtraq&m=104887510828106&w=2",
"name" : "20030328 Re: [SCSA-011] Path Disclosure Vulnerability in XOOPS",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.security-corporation.com/index.php?id=advisories&a=011-FR",
"name" : "http://www.security-corporation.com/index.php?id=advisories&a=011-FR",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7149",
"name" : "7149",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8353",
"name" : "8353",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11587",
"name" : "xoops-xoopsoption-path-disclosure(11587)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xoops:xoops:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.0",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-08-08T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1551",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://support.novell.com/servlet/tidfinder/2964956",
"name" : "http://support.novell.com/servlet/tidfinder/2964956",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6896",
"name" : "6896",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006171",
"name" : "1006171",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8133",
"name" : "8133",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11394",
"name" : "groupwise-script-execution(11394)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to \"malicious script.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:groupwise:*:revision_e:*:*:*:*:*:*",
"versionEndIncluding" : "6.0_sp3",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2017-08-08T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1552",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11467",
"name" : "uploader-uploads-file-upload(11467)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/313819/30/25640/threaded",
"name" : "20030304 uploader.php script",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/313787/30/25670/threaded",
"name" : "20030304 uploader.php vulnerability",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:graeme:uploader:1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 6.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1553",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7134",
"name" : "7134",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://securityreason.com/securityalert/3780",
"name" : "3780",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11572",
"name" : "sips-user-obtain-information(11572)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/315504/30/25460/threaded",
"name" : "20030318 SIPS (PHP)",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sips:sips:0.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1554",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7235",
"name" : "7235",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.securitytracker.com/id?1006413",
"name" : "1006413",
"refsource" : "SECTRACK",
"tags" : [ "Exploit" ]
}, {
"url" : "http://secunia.com/advisories/8476",
"name" : "8476",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securityreason.com/securityalert/3781",
"name" : "3781",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11658",
"name" : "scozbook-add-xss(11658)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316747/30/25280/threaded",
"name" : "20030329 ScozBook BETA 1.1 vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1555",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7236",
"name" : "7236",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securitytracker.com/id?1006413",
"name" : "1006413",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8476",
"name" : "8476",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3781",
"name" : "3781",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11659",
"name" : "scozbook-view-path-disclosure(11659)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316747/30/25280/threaded",
"name" : "20030329 ScozBook BETA 1.1 vulnerabilities",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:scoznet:scozbook:1.1_beta:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1556",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7237",
"name" : "7237",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3796",
"name" : "3796",
"refsource" : "SREASON",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/316764/30/25250/threaded",
"name" : "20030329 CGI-City's CCGuestBook Script Injection Vulns",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:cgi_city:cc_guestbook:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1557",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://marc.info/?l=bugtraq&m=104342896818777&w=2",
"name" : "20030123 SpamAssassin / spamc+BSMTP remote buffer overflow",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6679",
"name" : "6679",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7983",
"name" : "7983",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11154",
"name" : "spamassassin-spamc-offbyone-bo(11154)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/310212/30/26030/threaded",
"name" : "20030204 Re: GLSA: Mail-SpamAssasin",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/309912/30/26090/threaded",
"name" : "GLSA-200302-01",
"refsource" : "GENTOO",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode (\"-B\"), allows remote attackers to execute arbitrary code via email containing headers with leading \".\" characters."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.42:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.43:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.40:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:spamassassin:spamassassin:2.41:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1558",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.fefe.de/fnord/",
"name" : "http://www.fefe.de/fnord/",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/6635",
"name" : "6635",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://secunia.com/advisories/7893",
"name" : "7893",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11121",
"name" : "fnord-httpdc-cgi-bo(11121)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/307400/30/26270/threaded",
"name" : "20030117 GLSA: fnord",
"refsource" : "BUGTRAQ",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:fefe:fnord:1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-19T15:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1559",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348360",
"name" : "20031224 IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/348574",
"name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html",
"name" : "http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9295",
"name" : "9295",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/3989",
"name" : "3989",
"refsource" : "SREASON",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:6:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:ie:5.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2009-01-29T05:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1560",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348574",
"name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/4004",
"name" : "4004",
"refsource" : "SREASON",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:netscape:navigator:4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2009-01-29T05:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1561",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
}, {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/348574",
"name" : "20031230 RE: IE 5.22 on Mac Transmitting HTTP Referer from Secure Page",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://securityreason.com/securityalert/4004",
"name" : "4004",
"refsource" : "SREASON",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:opera:opera:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2009-01-29T05:28Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1562",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-362"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/320153",
"name" : "20030501 Re: OpenSSH/PAM timing attack allows remote users identification",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/320302",
"name" : "20030501 Re: OpenSSH/PAM timing attack allows remote users identification",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/archive/1/320440",
"name" : "20030505 Re: OpenSSH/PAM timing attack allows remote users identification",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747",
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248747",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7482",
"name" : "7482",
"refsource" : "BID",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.5.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2.2p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1p2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9.9p2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.5p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.4p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.2.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9p2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.2p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.2.3p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:1.5.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.0.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.6.1p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:3.3p1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.6
},
"severity" : "HIGH",
"exploitabilityScore" : 4.9,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-09-05T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1563",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101393-1",
"name" : "101393",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-200810-1",
"name" : "200810",
"refsource" : "SUNALERT",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/9137",
"name" : "9137",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.auscert.org.au/render.html?it=3672",
"name" : "ESB-2003.0843",
"refsource" : "AUSCERT",
"tags" : [ "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:cluster:2.2:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
}, {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:cluster:3.1:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:cluster:3.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
}, {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:cluster:3.2:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:H/Au:N/C:N/I:N/A:C",
"accessVector" : "LOCAL",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 4.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 1.9,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2018-10-30T16:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1564",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-189"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://mail.gnome.org/archives/xml/2008-August/msg00034.html",
"name" : "[xml] 20080820 Security fix for libxml2",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2",
"name" : "http://www.reddit.com/r/programming/comments/65843/time_to_upgrade_libxml2",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://xmlsoft.org/news.html",
"name" : "http://xmlsoft.org/news.html",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0886.html",
"name" : "RHSA-2008:0886",
"refsource" : "REDHAT",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/31868",
"name" : "31868",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.stylusstudio.com/xmldev/200302/post20020.html",
"name" : "[xml-dev] 20030202 Re: Elliotte Rusty Harold on Web Services",
"refsource" : "MLIST",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the \"billion laughs attack.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.7.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.13:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:1.8.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2003-12-31T05:00Z",
"lastModifiedDate" : "2008-10-24T04:30Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1565",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1565. Reason: This candidate is a duplicate of CVE-2002-1565. Notes: All CVE users should reference CVE-2002-1565 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2003-08-27T04:00Z",
"lastModifiedDate" : "2008-09-10T19:24Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1566",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-16"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.osvdb.org/4864",
"name" : "4864",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html",
"name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/9313",
"name" : "9313",
"refsource" : "BID",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt",
"name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14077",
"name" : "iis-improper-httptrack-logging(14077)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-01-15T00:30Z",
"lastModifiedDate" : "2017-08-08T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1567",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-200"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.osvdb.org/5648",
"name" : "5648",
"refsource" : "OSVDB",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt",
"name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt",
"refsource" : "MISC",
"tags" : [ "Exploit" ]
}, {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html",
"name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure",
"refsource" : "NTBUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.kb.cert.org/vuls/id/288308",
"name" : "VU#288308",
"refsource" : "CERT-VN",
"tags" : [ "US Government Resource" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.8
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 4.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2009-01-15T00:30Z",
"lastModifiedDate" : "2009-01-16T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1568",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl",
"name" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead_software:goahead_webserver:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.1.5",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead_software:goahead_webserver:2.1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead_software:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-02-06T19:30Z",
"lastModifiedDate" : "2009-02-09T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1569",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-20"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service",
"name" : "http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.1.4",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1.2:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:goahead:goahead_webserver:2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_95:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_98:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-02-06T19:30Z",
"lastModifiedDate" : "2009-02-09T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1570",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375360",
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21375360",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1021947",
"name" : "1021947",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/34498",
"name" : "34498",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/34285",
"name" : "34285",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.vupen.com/english/advisories/2009/0881",
"name" : "ADV-2009-0881",
"refsource" : "VUPEN",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC37554",
"name" : "IC37554",
"refsource" : "AIXAPAR",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49536",
"name" : "tsm-consolemode-info-disclosure(49536)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to \"session exposure.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.6:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.7:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.8:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.9:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.1.10:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:ibm:tivoli_storage_manager:5.2.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "SINGLE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 3.5
},
"severity" : "LOW",
"exploitabilityScore" : 6.8,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-03-31T18:24Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1571",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863",
"name" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=25863",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/2492",
"name" : "2492",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/9639",
"name" : "9639",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://www.exploit-db.com/exploits/7488",
"name" : "7488",
"refsource" : "EXPLOIT-DB",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webwizguide:web_wiz_guestbook:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webwizguide:web_wiz_guestbook:8.21:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-04-02T15:30Z",
"lastModifiedDate" : "2017-10-11T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1572",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.illegalaccess.org/java/jmf.php",
"name" : "http://www.illegalaccess.org/java/jmf.php",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://archive.cert.uni-stuttgart.de/bugtraq/2003/06/msg00219.html",
"name" : "20030625 Privilege escalation applet, Java Media Framework",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://securitytracker.com/id?1006777",
"name" : "1006777",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F54760",
"name" : "54760",
"refsource" : "SUNALERT",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1a:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:jmf:2.1.1c:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 9.3
},
"severity" : "HIGH",
"exploitabilityScore" : 8.6,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2009-06-01T22:30Z",
"lastModifiedDate" : "2009-06-02T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1573",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://secunia.com/advisories/10460",
"name" : "10460",
"refsource" : "SECUNIA",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://securitytracker.com/id?1008491",
"name" : "1008491",
"refsource" : "SECTRACK",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-01/0148.html",
"name" : "20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "http://www.securityfocus.com/bid/9230",
"name" : "9230",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://seclists.org/bugtraq/2003/Dec/0249.html",
"name" : "20031216 J2EE 1.4 reference implementation: database component allows remote code execution",
"refsource" : "BUGTRAQ",
"tags" : [ ]
}, {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0675.html",
"name" : "20040118 Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB",
"refsource" : "FULLDISC",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14883",
"name" : "pointbase-command-execution(14883)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14882",
"name" : "pointbase-information-disclosure(14882)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14881",
"name" : "pointbase-insecure-permissions-dos(14881)",
"refsource" : "XF",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14008",
"name" : "j2ee-pointbase-sql-injection(14008)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to \"inadequate security settings and library bugs in sun.* and org.apache.* packages.\""
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:j2ee:1.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-06-01T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1574",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-287"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/14170",
"name" : "14170",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846",
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=748739&group_id=64258&atid=506846",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40347",
"name" : "tikiwiki-username-security-byass(40347)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer \"Remember Me\" feature. NOTE: some of these details are obtained from third party information."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:tiki:tikiwiki_cms\\/groupware:1.6.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : true,
"userInteractionRequired" : false
}
},
"publishedDate" : "2009-08-24T10:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1575",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1",
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113207-05-1",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200161-1",
"name" : "200161",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:vxfs:3.3.3:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.5.1:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:2.6:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
}, {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:vxfs:3.4:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:symantec:vxfs:3.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:7.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "LOCAL",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.6
},
"severity" : "MEDIUM",
"exploitabilityScore" : 3.9,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-01-28T20:30Z",
"lastModifiedDate" : "2010-01-31T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1576",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201231-1",
"name" : "201231",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1",
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-113105-01-1",
"refsource" : "CONFIRM",
"tags" : [ "Patch" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:change_manager:1.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:a:sun:management_center:3.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:8.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : true,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-01-28T20:30Z",
"lastModifiedDate" : "2010-01-31T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1577",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1",
"name" : "201453",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56632",
"name" : "sunone-iplanetlog-xss(56632)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*",
"versionEndIncluding" : "4.1",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*",
"versionEndIncluding" : "6.0",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1578",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201453-1",
"name" : "201453",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/7012",
"name" : "7012",
"refsource" : "BID",
"tags" : [ "Patch" ]
}, {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56633",
"name" : "iplanet-logpreview-security-bypass(56633)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a \"format=\" substring, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp12:*:*:*:*:*:*",
"versionEndIncluding" : "4.1",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:*:sp5:*:*:*:*:*:*",
"versionEndIncluding" : "6.0",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1579",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-189"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2010-02-08T14:55Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1580",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-189"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2010-02-08T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1581",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2010-02-08T05:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1582",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "HIGH",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 2.6
},
"severity" : "LOW",
"exploitabilityScore" : 4.9,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2019-07-03T17:25Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1583",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56650",
"name" : "webtrends-domain-name-xss(56650)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:webtrends:webtrends_log_analyzer:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1584",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56649",
"name" : "surfstats-domain-name-xss(56649)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:surfstats:surfstats:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1585",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56647",
"name" : "weblogexpert-domain-name-xss(56647)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an \"Inverse Lookup Log Corruption (ILLC)\" issue."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:alentum:weblog_expert:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1586",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56646",
"name" : "webexpert-useragent-xss(56646)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iplanet:webexpert:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1587",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-79"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/archive/1/313867",
"name" : "20030304 Log corruption on multiple webservers, log analyzers,...",
"refsource" : "BUGTRAQ",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56645",
"name" : "loganpro-useragent-xss(56645)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:iplanet:loganpro:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-02-05T22:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1588",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201460-1",
"name" : "201460",
"refsource" : "SUNALERT",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56617",
"name" : "suncluster-haoracle-information-disclosure(56617)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:cluster:2.2:*:sparc:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"accessVector" : "LOCAL",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 1.9
},
"severity" : "LOW",
"exploitabilityScore" : 3.4,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-02-08T20:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1589",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201454-1",
"name" : "201454",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56616",
"name" : "iplanet-unspecified-dos(56616)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"acInsufInfo" : true,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-02-25T19:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1590",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-201451-1",
"name" : "201451",
"refsource" : "SUNALERT",
"tags" : [ "Patch", "Vendor Advisory" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56615",
"name" : "sunone-unspecified-dos(56615)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : false,
"cpe23Uri" : "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"acInsufInfo" : true,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-02-25T19:30Z",
"lastModifiedDate" : "2017-08-17T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1591",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-noinfo"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "MEDIUM",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 4.3
},
"severity" : "MEDIUM",
"exploitabilityScore" : 8.6,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : true
}
},
"publishedDate" : "2010-04-05T15:30Z",
"lastModifiedDate" : "2010-06-08T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1592",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-119"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "PARTIAL",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-04-05T15:30Z",
"lastModifiedDate" : "2010-04-06T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1593",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp1:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp2:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:sp3:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-04-05T15:30Z",
"lastModifiedDate" : "2010-04-06T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1594",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-04-05T15:30Z",
"lastModifiedDate" : "2010-04-06T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1595",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"tags" : [ "Vendor Advisory" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform \"intruder detection,\" which has unspecified impact and attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-04-05T15:30Z",
"lastModifiedDate" : "2010-04-06T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1596",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-264"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "AND",
"children" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01w:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02y:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01y:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02b:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02i:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.02r:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:5.01o:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:novell:netware_ftp_server:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "5.03b",
"cpe_name" : [ ]
} ]
}, {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.0:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:5.1:*:*:*:*:*:*:*",
"cpe_name" : [ ]
}, {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:novell:netware:6.5:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ],
"cpe_match" : [ ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2010-04-05T15:30Z",
"lastModifiedDate" : "2010-06-08T04:00Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1598",
"ASSIGNER" : "secalert@redhat.com"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-89"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt",
"name" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://seclists.org/oss-sec/2012/q1/77",
"name" : "[oss-sec] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://secunia.com/advisories/8954/",
"name" : "8954",
"refsource" : "SECUNIA",
"tags" : [ ]
}, {
"url" : "http://www.securityfocus.com/bid/7784",
"name" : "7784",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://osvdb.org/show/osvdb/4610",
"name" : "4610",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12204",
"name" : "wordpress-blogheader-sql-injection(12204)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "0.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2014-10-01T14:55Z",
"lastModifiedDate" : "2017-08-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1599",
"ASSIGNER" : "secalert@redhat.com"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-94"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.securityfocus.com/bid/7785",
"name" : "7785",
"refsource" : "BID",
"tags" : [ ]
}, {
"url" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt",
"name" : "http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.osvdb.org/4611",
"name" : "4611",
"refsource" : "OSVDB",
"tags" : [ ]
}, {
"url" : "http://www.openwall.com/lists/oss-security/2012/01/06/3",
"name" : "[oss-security] 20120106 Re: CVE-request: WordPress SQL injection and arbitrary code injection (2003)",
"refsource" : "MLIST",
"tags" : [ "Exploit" ]
}, {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12205",
"name" : "wordpress-linksall-file-include(12205)",
"refsource" : "XF",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:wordpress:wordpress:0.70:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "PARTIAL",
"availabilityImpact" : "PARTIAL",
"baseScore" : 7.5
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.4,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2014-10-27T20:55Z",
"lastModifiedDate" : "2017-08-29T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1600",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2020-11-05T20:15Z",
"lastModifiedDate" : "2020-11-05T20:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1601",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2020-11-05T20:15Z",
"lastModifiedDate" : "2020-11-05T20:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1602",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ ]
} ]
},
"references" : {
"reference_data" : [ ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ ]
},
"impact" : { },
"publishedDate" : "2020-11-05T20:15Z",
"lastModifiedDate" : "2020-11-05T20:15Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1603",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://twitter.com/digitalbond/status/619250429751222277",
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"tags" : [ ]
}, {
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1",
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/2337093-100.pdf?REQ=RAA&DIRECTION=2337093-100&FILENAME=2337093-100.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource" : "MISC",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) \"2\" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:gehealthcare:discovery_vh:-:*:*:*:*:*:*:*",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "COMPLETE",
"integrityImpact" : "COMPLETE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 10.0
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 10.0,
"acInsufInfo" : true,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2015-08-04T14:59Z",
"lastModifiedDate" : "2018-03-28T01:29Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1604",
"ASSIGNER" : "security@debian.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "NVD-CWE-Other"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "http://www.openwall.com/lists/oss-security/2016/01/27/9",
"name" : "[oss-security] 20160127 Re: CVE Request: Linux: NULL pointer dereference netfilter/nf_nat_redirect.c in nf_nat_redirect_ipv4 function",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "http://marc.info/?l=netfilter-devel&m=106668497403047&w=2",
"name" : "[netfilter-devel] 20031020 [PATCH] Fix possible oops in ipt_REDIRECT",
"refsource" : "MLIST",
"tags" : [ ]
}, {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1303072",
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1303072",
"refsource" : "CONFIRM",
"tags" : [ ]
}, {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.html",
"name" : "openSUSE-SU-2016:1008",
"refsource" : "SUSE",
"tags" : [ ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in the Linux kernel before 2.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending packets to an interface that has a 0.0.0.0 IP address, a related issue to CVE-2015-8787."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding" : "2.5.75",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV3" : {
"cvssV3" : {
"version" : "3.0",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector" : "NETWORK",
"attackComplexity" : "LOW",
"privilegesRequired" : "NONE",
"userInteraction" : "NONE",
"scope" : "UNCHANGED",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH"
},
"exploitabilityScore" : 3.9,
"impactScore" : 3.6
},
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"availabilityImpact" : "COMPLETE",
"baseScore" : 7.8
},
"severity" : "HIGH",
"exploitabilityScore" : 10.0,
"impactScore" : 6.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2016-05-02T10:59Z",
"lastModifiedDate" : "2016-12-01T02:59Z"
}, {
"cve" : {
"data_type" : "CVE",
"data_format" : "MITRE",
"data_version" : "4.0",
"CVE_data_meta" : {
"ID" : "CVE-2003-1605",
"ASSIGNER" : "cve@mitre.org"
},
"problemtype" : {
"problemtype_data" : [ {
"description" : [ {
"lang" : "en",
"value" : "CWE-255"
} ]
} ]
},
"references" : {
"reference_data" : [ {
"url" : "https://curl.haxx.se/docs/CVE-2003-1605.html",
"name" : "https://curl.haxx.se/docs/CVE-2003-1605.html",
"refsource" : "MISC",
"tags" : [ "Vendor Advisory" ]
}, {
"url" : "http://www.securityfocus.com/bid/8432",
"name" : "8432",
"refsource" : "BID",
"tags" : [ "Third Party Advisory", "VDB Entry" ]
} ]
},
"description" : {
"description_data" : [ {
"lang" : "en",
"value" : "curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server."
} ]
}
},
"configurations" : {
"CVE_data_version" : "4.0",
"nodes" : [ {
"operator" : "OR",
"children" : [ ],
"cpe_match" : [ {
"vulnerable" : true,
"cpe23Uri" : "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"versionStartIncluding" : "7.1.0",
"versionEndExcluding" : "7.10.7",
"cpe_name" : [ ]
} ]
} ]
},
"impact" : {
"baseMetricV3" : {
"cvssV3" : {
"version" : "3.0",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector" : "NETWORK",
"attackComplexity" : "LOW",
"privilegesRequired" : "NONE",
"userInteraction" : "NONE",
"scope" : "UNCHANGED",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 7.5,
"baseSeverity" : "HIGH"
},
"exploitabilityScore" : 3.9,
"impactScore" : 3.6
},
"baseMetricV2" : {
"cvssV2" : {
"version" : "2.0",
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector" : "NETWORK",
"accessComplexity" : "LOW",
"authentication" : "NONE",
"confidentialityImpact" : "PARTIAL",
"integrityImpact" : "NONE",
"availabilityImpact" : "NONE",
"baseScore" : 5.0
},
"severity" : "MEDIUM",
"exploitabilityScore" : 10.0,
"impactScore" : 2.9,
"obtainAllPrivilege" : false,
"obtainUserPrivilege" : false,
"obtainOtherPrivilege" : false,
"userInteractionRequired" : false
}
},
"publishedDate" : "2018-08-23T19:29Z",
"lastModifiedDate" : "2018-10-15T18:20Z"
} ]
}
Reference in New Issue View Git Blame Copy Permalink