Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1046 1 Mozilla 1 Bugzilla 2026-06-16 7.5 HIGH N/A
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
CVE-2003-1045 1 Mozilla 1 Bugzilla 2026-06-16 5.0 MEDIUM N/A
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user's voting page when that user has voted on a restricted bug, which allows remote attackers to read potentially sensitive voting information by modifying the who parameter.
CVE-2003-1044 1 Mozilla 1 Bugzilla 2026-06-16 7.5 HIGH N/A
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
CVE-2003-1043 1 Mozilla 1 Bugzilla 2026-06-16 10.0 HIGH N/A
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
CVE-2003-1042 1 Mozilla 1 Bugzilla 2026-06-16 10.0 HIGH N/A
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
CVE-2003-1041 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 7.5 HIGH N/A
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
CVE-2003-1040 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0, which allows local users to cause a denial of service (crash) by sending certain signals to kmod.
CVE-2003-1039 1 Sap 1 Mysap Business Suite 2026-06-16 7.5 HIGH N/A
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
CVE-2003-1038 1 Sap 1 Internet Transaction Server 2026-06-16 5.0 MEDIUM N/A
The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
CVE-2003-1037 1 Sap 1 Internet Transaction Server 2026-06-16 7.5 HIGH N/A
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
CVE-2003-1036 1 Sap 1 Internet Transaction Server 2026-06-16 7.5 HIGH N/A
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
CVE-2003-1035 1 Sap 2 Sap R 3, Sapgui 2026-06-16 7.5 HIGH N/A
The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.
CVE-2003-1034 1 Sap 1 Sap Db 2026-06-16 4.6 MEDIUM N/A
The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.
CVE-2003-1033 1 Sap 1 Sap Db 2026-06-16 7.2 HIGH N/A
The (1) instdbmsrv and (2) instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious dbmsrv or lserver program.
CVE-2003-1032 1 Pi3 1 Pi3web 2026-06-16 5.0 MEDIUM N/A
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
CVE-2003-1031 1 Jelsoft 1 Vbulletin 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
CVE-2003-1030 1 Dameware Development 1 Mini Remote Control Server 2026-06-16 7.5 HIGH N/A
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
CVE-2003-1029 1 Lbl 1 Tcpdump 2026-06-16 5.0 MEDIUM N/A
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
CVE-2003-1028 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 5.0 MEDIUM N/A
The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which could allow remote attackers to bypass security mechanisms that rely on random names, as demonstrated by threadid10008.
CVE-2003-1027 1 Microsoft 2 Ie, Internet Explorer 2026-06-16 10.0 HIGH N/A
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."