Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2003-1258 | 1 Versatilebulletinboard | 1 Versatilebulletinboard | 2008-09-05 | 7.5 HIGH | N/A |
| activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid. | |||||
| CVE-2003-1283 | 1 Kazaa | 1 Kazaa Media Desktop | 2008-09-05 | 7.5 HIGH | N/A |
| KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code. | |||||
| CVE-2003-1238 | 1 Nuked-klan | 1 Nuked-klan | 2008-09-05 | 5.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules. | |||||
| CVE-2003-1125 | 1 Sun | 1 One Directory Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt). | |||||
| CVE-2003-1260 | 1 Globalscape | 1 Cuteftp | 2008-09-05 | 7.6 HIGH | N/A |
| Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command. | |||||
| CVE-2003-1268 | 1 Urlogy | 1 A.shop.kart | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters. | |||||
| CVE-2003-1135 | 1 Yahoo | 1 Messenger | 2008-09-05 | 2.6 LOW | N/A |
| Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID. | |||||
| CVE-2003-1257 | 1 E-theni | 1 E-theni | 2008-09-05 | 5.0 MEDIUM | N/A |
| find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo. | |||||
| CVE-2003-1311 | 1 Netegrity | 1 Siteminder | 2008-09-05 | 6.8 MEDIUM | N/A |
| siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter. | |||||
| CVE-2003-1241 | 1 Levcgi.com | 1 Myguestbook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters. | |||||
| CVE-2003-1282 | 1 Ibm | 1 Net.data | 2008-09-05 | 5.0 MEDIUM | N/A |
| IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables that can be echoed back to the user via a web form. | |||||
| CVE-2003-1293 | 1 Nukedweb | 1 Guestbookhost | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestBookHost allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Email and (3) Message fields when signing the guestbook. | |||||
| CVE-2003-1312 | 1 Netegrity | 1 Siteminder | 2008-09-05 | 4.3 MEDIUM | N/A |
| siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods. | |||||
| CVE-2003-1251 | 1 Nx | 1 N X Web Content Management System 2002 | 2008-09-05 | 7.5 HIGH | N/A |
| The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code. | |||||
| CVE-2003-1280 | 1 Eekim | 1 Cgihtml | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads. | |||||
| CVE-2003-1267 | 1 Steve Poulsen | 1 Guildftpd | 2008-09-05 | 5.0 MEDIUM | N/A |
| GuildFTPd 0.999 allows remote attackers to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1. | |||||
| CVE-2003-1277 | 1 Yabb | 1 Yabb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html | |||||
| CVE-2003-1146 | 1 John Beatty | 1 Easy Php Photo Album | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | |||||
| CVE-2003-1161 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.2 HIGH | N/A |
| exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. | |||||
| CVE-2003-1266 | 1 Etype | 1 Eserv | 2008-09-05 | 5.0 MEDIUM | N/A |
| The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data. | |||||