ID: CVE-2003-1132 |
Title: The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to... |
Type: Hardware |
Bulletins:
CVE-2003-1132 |
Severity: Medium |
Description: The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server. | ||||
Applies to: Cisco CSS 11100 Content Services Switch Series Content Services Switch 11500 |
Created: 2003-12-31 |
Updated: 2020-08-14 |
ID: CVE-2003-1398 |
Title: Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). |
Type: Hardware |
Bulletins:
CVE-2003-1398 SFBID6823 |
Severity: High |
Description: Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | ||||
Applies to: |
Created: 2003-12-31 |
Updated: 2020-08-14 |
ID: CVE-2003-1490 |
Title: SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. |
Type: Hardware |
Bulletins:
CVE-2003-1490 SFBID7435 |
Severity: High |
Description: SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | ||||
Applies to: SonicWall Firewall Pro 100 SonicWall Firewall Pro 200 SonicWall Firewall Pro 300 |
Created: 2003-12-31 |
Updated: 2020-08-14 |
ID: CVE-2003-1497 |
Title: Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. |
Type: Hardware |
Bulletins:
CVE-2003-1497 SFBID8834 |
Severity: Medium |
Description: Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable. | ||||
Applies to: BEFSX41 |
Created: 2003-12-31 |
Updated: 2020-08-14 |
ID: CVE-2003-1264 |
Title: TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img)... |
Type: Hardware |
Bulletins:
CVE-2003-1264 SFBID6533 |
Severity: Medium |
Description: TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication. | ||||
Applies to: DI-614+B |
Created: 2003-12-31 |
Updated: 2020-08-14 |
ID: CVE-2003-1346 |
Title: D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. |
Type: Hardware |
Bulletins:
CVE-2003-1346 SFBID6609 |
Severity: High |
Description: D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager. | ||||
Applies to: DWL-900AP+B |
Created: 2003-12-31 |
Updated: 2020-08-14 |
ID: CVE-2003-0795 |
Title: zebra/Quagga versions older than 0.96.4 |
Type: Services |
Bulletins:
CVE-2003-0795 SFBID9029 |
Severity: Medium |
Description: zebra/Quagga versions older than 0.96.4 are vulnerable to a denial of service. | ||||
Applies to: |
Created: 2003-11-12 |
Updated: 2010-08-21 |
ID: CVE-2003-0511 |
Title: The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. |
Type: Hardware |
Bulletins:
CVE-2003-0511 |
Severity: Medium |
Description: The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. | ||||
Applies to: |
Created: 2003-08-27 |
Updated: 2020-08-14 |
ID: CVE-2003-0512 |
Title: Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password... |
Type: Hardware |
Bulletins:
CVE-2003-0512 |
Severity: Medium |
Description: Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system and conduct brute force password guessing, as reported for the Aironet Bridge. | ||||
Applies to: |
Created: 2003-08-27 |
Updated: 2020-08-14 |
ID: CVE-2003-0647 |
Title: Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. |
Type: Hardware |
Bulletins:
CVE-2003-0647 |
Severity: High |
Description: Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allows remote attackers to execute arbitrary code via an extremely long (2GB) HTTP GET request. | ||||
Applies to: |
Created: 2003-08-27 |
Updated: 2020-08-14 |
ID: SFBID8062 |
Title: Abyss Web server Bufferoverflow |
Type: Miscellaneous |
Bulletins:
SFBID8062 |
Severity: High |
Description: A security vulnerability exists in Abyss Web Server. A heap overrun takes place due to insufficient bounds checking of data supplied via client HTTP GET requests. In such case random code can be executed with the privileges of the web server. This vulnerability affects Abyss Web Server version 1.1.2. Later versions may also be affected. Abyss Web Server version 1.1.6 does is not prone to such a vulnerability thus users are advised to upgrade to such a version. | ||||
Applies to: Abyss Web Server |
Created: 2003-06-30 |
Updated: 2010-08-21 |
ID: CVE-2003-0305 |
Title: The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. |
Type: Hardware |
Bulletins:
CVE-2003-0305 |
Severity: Medium |
Description: The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967. | ||||
Applies to: |
Created: 2003-06-09 |
Updated: 2020-08-14 |
ID: CVE-2003-0216 |
Title: Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. |
Type: Hardware |
Bulletins:
CVE-2003-0216 |
Severity: High |
Description: Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and gain access to the enable mode without a password. | ||||
Applies to: |
Created: 2003-05-12 |
Updated: 2020-08-14 |
ID: CVE-2002-1426 |
Title: HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. |
Type: Hardware |
Bulletins:
CVE-2002-1426 SFBID5336 |
Severity: High |
Description: HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. | ||||
Applies to: Procurve Switch 4000m |
Created: 2003-04-11 |
Updated: 2020-08-14 |
ID: CVE-2002-1547 |
Title: Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different... |
Type: Hardware |
Bulletins:
CVE-2002-1547 |
Severity: Medium |
Description: Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. | ||||
Applies to: |
Created: 2003-03-31 |
Updated: 2020-08-14 |
ID: CVE-2003-0161 |
Title: Sendmail is older than 8.12.9 |
Type: |
Bulletins:
CVE-2003-0161 |
Severity: Low |
Description: Sendmail is a Mail Transport Agent included in all the Red Hat Linux distributions. A security flaw was discovered in the handling of DNS maps in Sendmail 8.12 versions before 8.12.9. A remote attacker will be able to crash the instance of Sendmail dealing with the request.In case version 8.12.9 is not available, a patch should be installed. The patch and PGP signature can be downloaded from a link given in: http://www.sendmail.org/patchps.html. Check the PGP signature using either: gpg -verify prescan.tar.gz.uu.asc prescan.tar.gz.uuorpgp prescan.tar.gz.uu.asc prescan.tar.gz.uuThen unpack the patches using the following command:uudecode -p < prescan.tar.gz.uu | gunzip -c | tar -xf -Then apply the appropriate patch to your version of the Sendmail source code:cd sendmail-8.12.8/sendmailpatch < prescan.VERSION.patchIf version older than 8.12.8 was installed, make sure you install the previous patches. Recompile sendmail and install the new binary. | ||||
Applies to: Sendmail |
Created: 2003-03-29 |
Updated: 2010-08-21 |
ID: CVE-2003-0100 |
Title: Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. |
Type: Hardware |
Bulletins:
CVE-2003-0100 SFBID6895 |
Severity: High |
Description: Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements. | ||||
Applies to: |
Created: 2003-03-03 |
Updated: 2020-08-14 |
ID: CVE-2002-1337 |
Title: Remote Buffer Overflow in Sendmail |
Type: |
Bulletins:
CVE-2002-1337 SFBID6991 |
Severity: Low |
Description: Sendmail version 5.79 to 8.12.7 are vulnerable to a buffer overflow, allowing attackers to execute their own code on the target via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function, which is found in headers.c. A newer version of Sendmail 8.12.8 exists, which contains a fix for this critical security problem. | ||||
Applies to: Sendmail |
Created: 2003-03-02 |
Updated: 2010-08-21 |