CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1099
https://notcve.org/view.php?id=CVE-2003-1099
31 Dec 2003 — shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. • http://secunia.com/advisories/10339 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1356
https://notcve.org/view.php?id=CVE-2003-1356
31 Dec 2003 — The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. • http://archives.neohapsis.com/archives/hp/2003-q1/0009.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 2CVE-2003-1358 – HP-UX 10.x - rs.F3000 Unauthorized Access
https://notcve.org/view.php?id=CVE-2003-1358
31 Dec 2003 — rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program. • https://www.exploit-db.com/exploits/22248 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 3CVE-2003-1359 – HP-UX 10.x - stmkfont Alternate Typeface Library Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1359
31 Dec 2003 — Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows local users to gain privileges via a long command line argument. • https://www.exploit-db.com/exploits/22246 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1362
https://notcve.org/view.php?id=CVE-2003-1362
31 Dec 2003 — Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases. • http://archives.neohapsis.com/archives/hp/2003-q1/0033.html • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 2CVE-2003-1375 – HPUX 10.20/11 Wall Message - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1375
31 Dec 2003 — Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument. • https://www.exploit-db.com/exploits/22231 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 34EXPL: 0CVE-2003-1437
https://notcve.org/view.php?id=CVE-2003-1437
31 Dec 2003 — BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. • http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-25.jsp •
CVSS: 8.2EPSS: 15%CPEs: 58EXPL: 0CVE-2003-0914
https://notcve.org/view.php?id=CVE-2003-0914
02 Dec 2003 — ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. ISC BIND 8.3.x antes de 8.3.7, y 8.4.x antes de 8.4.3 permite a atacantes remotos envenenar la cache mediante un servidor de nombres malicioso que devuelve respuestas negativas con un valor TTL (time to live) largo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2003-0089 – HP-UX 11 - Software Distributor Lang Environment Variable Local Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0089
18 Nov 2003 — Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as (1) swinstall and (2) swmodify. Desbordamiento de búfer en los útiles Software Distributor de HP-UX B.11.00 y B.11.11 permite a usuarios locales ejecutar código arbitrario mediante una variable de entorno LANG larga en programas setuid como swinstall y swmodify. • https://www.exploit-db.com/exploits/23343 •
CVSS: 9.8EPSS: 13%CPEs: 105EXPL: 1CVE-2003-0681 – Sendmail 8.12.9 - 'Prescan()' Variant Remote Buffer Overrun
https://notcve.org/view.php?id=CVE-2003-0681
18 Sep 2003 — A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 •