The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2003-0869 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0917 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0918 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0919 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0920 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0921 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0922 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0923 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0952 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-0953 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-1217 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-1218 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-1307 | The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP." | -- | Nov 6, 2023 | n/a |
CVE-2003-1566 | Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection. | Medium | Jan 16, 2009 | n/a |
CVE-2003-1567 | The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE. | Medium | Jan 16, 2009 | n/a |
CVE-2003-1568 | GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. | Medium | Feb 9, 2009 | n/a |
CVE-2003-1569 | GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | Medium | Feb 9, 2009 | n/a |
CVE-2003-1570 | The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1 does not require credentials to observe the server console in some circumstances, which allows remote authenticated administrators to monitor server operations by establishing a console mode session, related to session exposure. | Low | Apr 8, 2009 | n/a |
CVE-2003-1571 | Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | Medium | Apr 2, 2009 | n/a |
CVE-2003-1572 | Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields. | High | Jun 2, 2009 | n/a |
CVE-2003-1573 | The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to inadequate security settings and library bugs in sun.* and org.apache.* packages. | High | Jun 2, 2009 | n/a |
CVE-2003-1574 | TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer Remember Me feature. NOTE: some of these details are obtained from third party information. | High | Aug 26, 2009 | n/a |
CVE-2003-1575 | VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | Medium | Jan 31, 2010 | n/a |
CVE-2003-1576 | Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors. | High | Jan 31, 2010 | n/a |
CVE-2003-1577 | Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an Inverse Lookup Log Corruption (ILLC) issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316. | Low | Feb 8, 2010 | n/a |
CVE-2003-1578 | Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a format= substring, related to an Inverse Lookup Log Corruption (ILLC) issue. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1579 | Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an Inverse Lookup Log Corruption (ILLC) issue. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1580 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, uses a logging format that does not identify whether a dotted quad represents an unresolved IP address, which allows remote attackers to spoof IP addresses via crafted DNS responses containing numerical top-level domains, as demonstrated by a forged 123.123.123.123 domain name, related to an Inverse Lookup Log Corruption (ILLC) issue. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1581 | The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an Inverse Lookup Log Corruption (ILLC) issue. | Low | Feb 8, 2010 | n/a |
CVE-2003-1582 | Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files via an HTTP request in conjunction with a crafted DNS response, as demonstrated by injecting XSS sequences, related to an Inverse Lookup Log Corruption (ILLC) issue. | Low | Feb 8, 2010 | n/a |
CVE-2003-1583 | Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an Inverse Lookup Log Corruption (ILLC) issue. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1584 | Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an Inverse Lookup Log Corruption (ILLC) issue. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1585 | Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an Inverse Lookup Log Corruption (ILLC) issue. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1586 | Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1587 | Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header. | Medium | Feb 8, 2010 | n/a |
CVE-2003-1588 | Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file. | Low | Feb 9, 2010 | n/a |
CVE-2003-1589 | Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors. | Medium | Feb 26, 2010 | n/a |
CVE-2003-1590 | Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors. | Medium | Feb 26, 2010 | n/a |
CVE-2003-1591 | NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allows user-assisted remote attackers to cause a denial of service (console hang) via a large number of FTP sessions, which are not properly handled during an NLM unload. | Medium | Apr 5, 2010 | n/a |
CVE-2003-1592 | Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 allow remote attackers to cause a denial of service (abend) via a long (1) username or (2) password. | Medium | Apr 6, 2010 | n/a |
CVE-2003-1593 | NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | High | Apr 6, 2010 | n/a |
CVE-2003-1594 | NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | High | Apr 6, 2010 | n/a |
CVE-2003-1595 | NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform intruder detection, which has unspecified impact and attack vectors. | High | Apr 6, 2010 | n/a |
CVE-2003-1596 | NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | High | Apr 6, 2010 | n/a |
CVE-2003-1598 | SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | High | Oct 2, 2014 | n/a |
CVE-2003-1599 | PHP remote file inclusion vulnerability in wp-links/links.all.php in WordPress 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the $abspath variable. | High | Oct 28, 2014 | n/a |
CVE-2003-1600 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-1601 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
CVE-2003-1602 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |