Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2003-0748

    Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a filenam... Read more

    Affected Products : internet_transaction_server
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0630

    Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument.... Read more

    Affected Products : atari800
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0734

    Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.... Read more

    Affected Products : pam_ldap
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0737

    The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to obtain the full pathname of phpWebSite via an invalid year, which generates an error from localtime() in TimeZone.php of the Pear library.... Read more

    Affected Products : phpwebsite
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0664

    Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.... Read more

    Affected Products : word works
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0708

    Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.... Read more

    Affected Products : linuxnode
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-0733

    Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) ... Read more

    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0754

    nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication.... Read more

    Affected Products : newsphp
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0731

    CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and ... Read more

    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1062

    Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.... Read more

    Affected Products : solaris sunos
    • Published: Oct. 15, 2003
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2003-1061

    Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.... Read more

    Affected Products : solaris sunos
    • Published: Oct. 14, 2003
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2003-0791

    The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.... Read more

    Affected Products : mozilla openserver
    • Published: Oct. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0785

    ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.... Read more

    Affected Products : ipmasq
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0783

    Multiple buffer overflows in hztty 2.0 allow local users to gain root privileges.... Read more

    Affected Products : hztty
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0697

    Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.... Read more

    Affected Products : aix
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0680

    Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow an NFS client to bypass read-only restrictions.... Read more

    Affected Products : irix
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0742

    SCO Internet Manager (mana) allows local users to execute arbitrary programs by setting the REMOTE_ADDR environment variable to cause menu.mana to run as if it were called from ncsa_httpd, then modifying the PATH environment variable to point to a malicio... Read more

    Affected Products : openserver
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0827

    The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.... Read more

    Affected Products : db2_universal_database
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0784

    Format string vulnerability in tsm for the bos.rte.security fileset on AIX 5.2 allows remote attackers to gain root privileges via login, and local users to gain privileges via login, su, or passwd, with a username that contains format string specifiers.... Read more

    Affected Products : aix
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0692

    KDM in KDE 3.1.3 and earlier uses a weak session cookie generation algorithm that does not provide 128 bits of entropy, which allows attackers to guess session cookies via brute force methods and gain access to the user session.... Read more

    Affected Products : kde
    • Published: Oct. 06, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293633 Results