Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Windows 2003 Server  >> r2  Security Vulnerabilities
CVE-2003-0717
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
CVSS Score
7.5
EPSS Score
0.813
Published
2003-11-17
CVE-2003-0839
Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
CVSS Score
5.0
EPSS Score
0.313
Published
2003-11-17
CVE-2003-0661
The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, and Server 2003 may include random memory in a response to a NBNS query, which could allow remote attackers to obtain sensitive information.
CVSS Score
5.0
EPSS Score
0.336
Published
2003-10-20
CVE-2003-0528
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0715.
CVSS Score
10.0
EPSS Score
0.621
Published
2003-09-17
CVE-2003-0715
Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length fields, a different vulnerability than CVE-2003-0352 (Blaster/Nachi) and CVE-2003-0528.
CVSS Score
10.0
EPSS Score
0.621
Published
2003-09-17
CVE-2003-0352
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
CVSS Score
7.5
EPSS Score
0.906
Published
2003-08-18
CVE-2003-0469
Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag.
CVSS Score
7.5
EPSS Score
0.716
Published
2003-08-07
CVE-2002-2189
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
CVSS Score
5.1
EPSS Score
0.121
Published
2002-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved