Input Validation に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2003 年に公開され、Input Validation に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2003-1538 | susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Openexchange Server 4 does not properly filter shell metacharacters, which allows remote attackers to execute arbitrary commands via CGI queries. | 6.4 | 0.45% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1490 | SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow. | 7.8 | 0.50% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1488 | The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1. | 6.4 | 5.87% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1487 | Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program. | 10.0 | 7.93% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1485 | Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space." | 5.0 | 0.16% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1471 | MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number. | 6.3 | 0.64% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1463 | Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. | 3.5 | 5.48% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1456 | Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. | 5.0 | 4.12% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1450 | BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. | 5.0 | 8.92% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1444 | Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname. | 4.4 | 0.05% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1443 | Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files with MS-DOS device names in their filenames, which allows local users to bypass virus protection, as demonstrated using aux.vbs and aux.com. | 4.4 | 0.05% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1441 | Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denial of service (crash) via a DNS message without a question section, which triggers null dereference. | 4.3 | 0.82% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1440 | SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions. | 4.3 | 0.82% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1425 | guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. | 10.0 | 4.17% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1419 | Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | 4.3 | 5.16% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1416 | BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command. | 4.3 | 0.68% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1405 | DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | 7.5 | 10.48% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1403 | foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | 7.5 | 0.73% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1402 | PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | 7.5 | 0.88% | 2003-12-31 | 2026-04-16 |
| CVE-2003-1365 | The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs. | 5.0 | 0.49% | 2003-12-31 | 2026-04-16 |