Latest CVE Feed
-
4.6
MEDIUMCVE-2003-1169
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.... Read more
Affected Products : nutzungskontrolle- EPSS Score: %0.30
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2003-1526
PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.... Read more
Affected Products : php-nuke- EPSS Score: %0.01
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2003-1511
Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.95 through 0.95zxv4 allows remote attackers to inject arbitrary web script or HTML via (1) the query string to test.txt, (2) the guestName parameter to the custMsg servlet, or (3) the co... Read more
Affected Products : java_http_server- EPSS Score: %0.39
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2003-1509
Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file befo... Read more
- EPSS Score: %0.72
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2003-1503
Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote attackers to execute arbitrary code via an aim:getfile URL with a long screen name.... Read more
Affected Products : instant_messenger- EPSS Score: %6.26
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2003-1502
mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.... Read more
Affected Products : mod_throttle- EPSS Score: %0.05
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2003-1500
PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.... Read more
Affected Products : cpcommerce- EPSS Score: %3.22
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2003-1490
SonicWall Pro running firmware 6.4.0.1 allows remote attackers to cause a denial of service (device reset) via a long HTTP POST to the internal interface, possibly due to a buffer overflow.... Read more
- EPSS Score: %0.41
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2003-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more
- EPSS Score: %0.65
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2003-1437
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.... Read more
- EPSS Score: %0.03
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1247
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.... Read more
Affected Products : h-sphere- EPSS Score: %52.93
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2003-1233
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \... Read more
Affected Products : integrity_protection_driver- EPSS Score: %0.15
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2003-1101
Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to obtain the full path of the DM Web Server via invalid login credentials, which reveals the path in an error message.... Read more
Affected Products : cyberdocs- EPSS Score: %1.59
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2003-1361
Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.... Read more
- EPSS Score: %0.92
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2003-1493
Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote attackers to cause a denial of service (memory exhaustion) via crafted TCP packets.... Read more
Affected Products : openview_network_node_manager- EPSS Score: %0.46
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1115
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demons... Read more
Affected Products : succession_communication_server_2000- EPSS Score: %11.56
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2003-1082
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a different vulnerability than CVE-2003-1068.... Read more
- EPSS Score: %0.14
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2003-1461
Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).... Read more
Affected Products : hp-ux- EPSS Score: %0.25
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2003-1311
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced b... Read more
Affected Products : siteminder- EPSS Score: %0.76
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.1
MEDIUMCVE-2003-1107
The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.... Read more
Affected Products : windows_media_player- EPSS Score: %8.43
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025