| ID: CVE-2003-1490 |
Title: SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. |
Type: Hardware |
Bulletins:
CVE-2003-1490 SFBID7435 |
Severity: High |
| Description: SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | ||||
| Applies to: SonicWall Firewall Pro 100 SonicWall Firewall Pro 200 SonicWall Firewall Pro 300 |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-1497 |
Title: Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. |
Type: Hardware |
Bulletins:
CVE-2003-1497 SFBID8834 |
Severity: Medium |
| Description: Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. | ||||
| Applies to: BEFSX41 |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-1264 |
Title: TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)... |
Type: Hardware |
Bulletins:
CVE-2003-1264 SFBID6533 |
Severity: Medium |
| Description: TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication. | ||||
| Applies to: DI-614+B |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-1346 |
Title: D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. |
Type: Hardware |
Bulletins:
CVE-2003-1346 SFBID6609 |
Severity: High |
| Description: D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | ||||
| Applies to: DWL-900AP+B |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-1109 |
Title: The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly... |
Type: Hardware |
Bulletins:
CVE-2003-1109 SFBID6904 |
Severity: High |
| Description: The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite. | ||||
| Applies to: |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-1132 |
Title: The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to... |
Type: Hardware |
Bulletins:
CVE-2003-1132 |
Severity: Medium |
| Description: The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. | ||||
| Applies to: Cisco CSS 11100 Content Services Switch Series Content Services Switch 11500 |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-1398 |
Title: Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). |
Type: Hardware |
Bulletins:
CVE-2003-1398 SFBID6823 |
Severity: High |
| Description: Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | ||||
| Applies to: |
Created: 2003-12-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0851 |
Title: OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. |
Type: Hardware |
Bulletins:
CVE-2003-0851 SFBID8970 |
Severity: Medium |
| Description: OpenSSL 0.9.6k allows remote attackers to cause a denial of service (crash via large recursion) via malformed ASN.1 sequences. | ||||
| Applies to: |
Created: 2003-12-01 |
Updated: 2018-05-18 |
||
| ID: MITRE:675 |
Title: oval:org.mitre.oval:def:675: MS Excel 97 Malicious Macro Security Bypass Vulnerability |
Type: Software |
Bulletins:
MITRE:675 CVE-2003-0821 |
Severity: Low |
| Description: Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. | ||||
| Applies to: Microsoft Excel 97 |
Created: 2003-11-19 |
Updated: 2016-02-19 |
||
| ID: MITRE:585 |
Title: oval:org.mitre.oval:def:585: MS Word 97 Macro Names Buffer Overflow |
Type: Software |
Bulletins:
MITRE:585 CVE-2003-0820 |
Severity: Low |
| Description: Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||||
| Applies to: Microsoft Word 97 |
Created: 2003-11-19 |
Updated: 2016-02-19 |
||
| ID: MITRE:586 |
Title: oval:org.mitre.oval:def:586: MS Word 98 Macro Names Buffer Overflow |
Type: Software |
Bulletins:
MITRE:586 CVE-2003-0820 |
Severity: Low |
| Description: Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||||
| Applies to: Microsoft Word 98 |
Created: 2003-11-19 |
Updated: 2016-02-19 |
||
| ID: CVE-2003-0795 |
Title: zebra/Quagga versions older than 0.96.4 |
Type: Services |
Bulletins:
CVE-2003-0795 SFBID9029 |
Severity: Medium |
| Description: zebra/Quagga versions older than 0.96.4 are vulnerable to a denial of service. | ||||
| Applies to: |
Created: 2003-11-12 |
Updated: 2010-08-21 |
||
| ID: CVE-2003-0511 |
Title: The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. |
Type: Hardware |
Bulletins:
CVE-2003-0511 |
Severity: Medium |
| Description: The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. | ||||
| Applies to: |
Created: 2003-08-27 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0512 |
Title: Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password... |
Type: Hardware |
Bulletins:
CVE-2003-0512 |
Severity: Medium |
| Description: Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. | ||||
| Applies to: |
Created: 2003-08-27 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0647 |
Title: Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. |
Type: Hardware |
Bulletins:
CVE-2003-0647 |
Severity: High |
| Description: Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. | ||||
| Applies to: |
Created: 2003-08-27 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0567 |
Title: Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. |
Type: Hardware |
Bulletins:
CVE-2003-0567 |
Severity: High |
| Description: Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the input queue on that interface to be marked as full. | ||||
| Applies to: Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-08-18 |
Updated: 2018-05-18 |
||
| ID: MITRE:141 |
Title: oval:org.mitre.oval:def:141: Microsoft Internet Explorer MIME Hack |
Type: Web |
Bulletins:
MITRE:141 CVE-2001-0154 |
Severity: Low |
| Description: HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. | ||||
| Applies to: Microsoft Internet Explorer |
Created: 2003-07-18 |
Updated: 2016-02-19 |
||
| ID: SFBID8062 |
Title: Abyss Web server Bufferoverflow |
Type: Miscellaneous |
Bulletins:
SFBID8062 |
Severity: High |
| Description: A security vulnerability exists in Abyss Web Server. A heap overrun takes place due to insufficient bounds checking of data supplied via client HTTP GET requests. In such case random code can be executed with the privileges of the web server. This vulnerability affects Abyss Web Server version 1.1.2. Later versions may also be affected. Abyss Web Server version 1.1.6 does is not prone to such a vulnerability thus users are advised to upgrade to such a version. | ||||
| Applies to: Abyss Web Server |
Created: 2003-06-30 |
Updated: 2010-08-21 |
||
| ID: CVE-2003-0305 |
Title: The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. |
Type: Hardware |
Bulletins:
CVE-2003-0305 |
Severity: Medium |
| Description: The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. | ||||
| Applies to: |
Created: 2003-06-09 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0258 |
Title: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. |
Type: Hardware |
Bulletins:
CVE-2003-0258 |
Severity: High |
| Description: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 3.5.x through 4.0.REL, when enabling IPSec over TCP for a port on the concentrator, allow remote attackers to reach the private network without authentication. | ||||
| Applies to: Cisco VPN 3015 Concentrator Cisco VPN 3030 Concentrator Cisco VPN 3060 Concentrator Cisco VPN 3080 Concentrator Cisco Vpn 3005 Concentrator |
Created: 2003-05-27 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0259 |
Title: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. |
Type: Hardware |
Bulletins:
CVE-2003-0259 |
Severity: Medium |
| Description: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7 allows remote attackers to cause a denial of service (reload) via a malformed SSH initialization packet. | ||||
| Applies to: Cisco VPN 3015 Concentrator Cisco VPN 3030 Concentrator Cisco VPN 3060 Concentrator Cisco VPN 3080 Concentrator Cisco Vpn 3005 Concentrator |
Created: 2003-05-27 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0260 |
Title: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. |
Type: Hardware |
Bulletins:
CVE-2003-0260 |
Severity: Medium |
| Description: Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client 2.x.x through 3.6.7A allow remote attackers to cause a denial of service (slowdown and possibly reload) via a flood of malformed ICMP packets. | ||||
| Applies to: Cisco VPN 3015 Concentrator Cisco VPN 3030 Concentrator Cisco VPN 3060 Concentrator Cisco VPN 3080 Concentrator Cisco Vpn 3005 Concentrator |
Created: 2003-05-27 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0216 |
Title: Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. |
Type: Hardware |
Bulletins:
CVE-2003-0216 |
Severity: High |
| Description: Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | ||||
| Applies to: |
Created: 2003-05-12 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1426 |
Title: HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. |
Type: Hardware |
Bulletins:
CVE-2002-1426 SFBID5336 |
Severity: High |
| Description: HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. | ||||
| Applies to: Procurve Switch 4000m |
Created: 2003-04-11 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1547 |
Title: Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different... |
Type: Hardware |
Bulletins:
CVE-2002-1547 |
Severity: Medium |
| Description: Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. | ||||
| Applies to: |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1553 |
Title: Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. |
Type: Hardware |
Bulletins:
CVE-2002-1553 SFBID6076 |
Severity: High |
| Description: Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | ||||
| Applies to: Cisco ONS 15327 SONET Multiservice Platform Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1554 |
Title: Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. |
Type: Hardware |
Bulletins:
CVE-2002-1554 SFBID6078 |
Severity: Medium |
| Description: Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. | ||||
| Applies to: Cisco ONS 15327 SONET Multiservice Platform Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1555 |
Title: Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. |
Type: Hardware |
Bulletins:
CVE-2002-1555 SFBID6081 |
Severity: Medium |
| Description: Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. | ||||
| Applies to: Cisco ONS 15327 SONET Multiservice Platform Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1556 |
Title: Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). |
Type: Hardware |
Bulletins:
CVE-2002-1556 SFBID6084 |
Severity: Medium |
| Description: Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). | ||||
| Applies to: Cisco ONS 15327 SONET Multiservice Platform Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1557 |
Title: Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. |
Type: Hardware |
Bulletins:
CVE-2002-1557 SFBID6082 |
Severity: Medium |
| Description: Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | ||||
| Applies to: Cisco ONS 15327 SONET Multiservice Platform Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1558 |
Title: Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. |
Type: Hardware |
Bulletins:
CVE-2002-1558 SFBID6083 |
Severity: High |
| Description: Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet. | ||||
| Applies to: Cisco ONS 15327 SONET Multiservice Platform Cisco ONS 15454 Multiservice Transport Platform |
Created: 2003-03-31 |
Updated: 2018-05-18 |
||
| ID: CVE-2003-0161 |
Title: Sendmail is older than 8.12.9 |
Type: |
Bulletins:
CVE-2003-0161 |
Severity: High |
| Description: Sendmail is a Mail Transport Agent included in all the Red Hat Linux distributions. A security flaw was discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker will be able to crash the instance of Sendmail dealing with the request.In case version 8.12.9 is not available, a patch should be installed. The patch and PGP signature can be downloaded from a link given in: http://www.sendmail.org/patchps.html. Check the PGP signature using either: gpg -verify prescan.tar.gz.uu.asc prescan.tar.gz.uuorpgp prescan.tar.gz.uu.asc prescan.tar.gz.uuThen unpack the patches using the following command:uudecode -p < prescan.tar.gz.uu | gunzip -c | tar -xf -Then apply the appropriate patch to your version of the Sendmail source code:cd sendmail-8.12.8/sendmailpatch < prescan.VERSION.patchIf version older than 8.12.8 was installed, make sure you install the previous patches. Recompile sendmail and install the new binary. | ||||
| Applies to: Sendmail |
Created: 2003-03-29 |
Updated: 2010-08-21 |
||
| ID: CVE-2003-0100 |
Title: Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. |
Type: Hardware |
Bulletins:
CVE-2003-0100 SFBID6895 |
Severity: High |
| Description: Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. | ||||
| Applies to: |
Created: 2003-03-03 |
Updated: 2018-05-18 |
||
| ID: CVE-2002-1337 |
Title: Remote Buffer Overflow in Sendmail |
Type: |
Bulletins:
CVE-2002-1337 SFBID6991 |
Severity: High |
| Description: Sendmail version 5.79 to 8.12.7 are vulnerable to a buffer overflow, allowing attackers to execute their own code on the target via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function, which is found in headers.c. A newer version of Sendmail 8.12.8 exists, which contains a fix for this critical security problem. | ||||
| Applies to: Sendmail |
Created: 2003-03-02 |
Updated: 2010-08-21 |
||
