CVE-2003-0615
https://notcve.org/view.php?id=CVE-2003-0615
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en parámetro "action" del formulario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713 http://marc.info/?l=bugtraq&m=105880349328877&w=2 http://marc.info/?l=bugtraq&m=106018783704468&w=2 http://marc.info/?l=full-disclosure&m=105875211018698&w=2 http://secunia.com/advisories/13638 http://securitytracker.com/id? •
CVE-2003-0190 – OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident
https://notcve.org/view.php?id=CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. OpenSSH-portable (OpenSSH) 3.6.1p1 y anteriores con soporte PAM activado envía inmediatamente un mensaje de error cuando un usuario no existe, lo que permite a atacantes remotos determinar nombres de usuario válidos mediante un ataque de temporización. • https://www.exploit-db.com/exploits/26 https://www.exploit-db.com/exploits/25 https://www.exploit-db.com/exploits/3303 http://lab.mediaservice.net/advisory/2003-01-openssh.txt http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html http://marc.info/?l=bugtraq&m=105172058404810&w=2 http://marc.info/?l=bugtraq&m=106018677302607&w=2 http://www.redhat.com/support/errata/RHSA-2003-222.html http://www.redhat.com/support/errata/RHSA-2003-224.html • CWE-203: Observable Discrepancy •
CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •
CVE-2002-0985
https://notcve.org/view.php?id=CVE-2002-0985
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545 http://marc.info/?l=bugtraq&m=103011916928204&w=2 http://marc.info/?l=bugtraq&m=105760591228031&w=2 http://www.debian.org/security/2002/dsa-168 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082 http://www.novell.com/linux/security/advisories/2002_036_modphp4.html http://www.osvdb.org/2111 http://www.redhat.com/support • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVE-2002-0083 – OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One
https://notcve.org/view.php?id=CVE-2002-0083
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges. Error 'off-by-one' en el código de canal de OpenSSH 2.0 a 3.0.2 permite a usuarios locales o a servidores remotos ganar privilegios. • https://www.exploit-db.com/exploits/21314 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html http://archives.neohapsis.com/archives/vulnw • CWE-193: Off-by-one Error •