Latest CVE Feed
-
10.0
HIGHCVE-2003-1245
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.... Read more
Affected Products : mambo_site_server- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1247
Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.... Read more
Affected Products : h-sphere- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2003-1211
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.... Read more
Affected Products : maxwebportal- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
8.8
HIGHCVE-2003-1378
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.... Read more
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1091
Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.... Read more
Affected Products : quicktime_broadcaster- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2003-1265
Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.... Read more
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1123
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.... Read more
- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1389
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.... Read more
Affected Products : cryptobuddy- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1114
The Session Initiation Protocol (SIP) implementation in Mediatrix Telecom VoIP Access Devices and Gateways running SIPv2.4 and SIPv4.3 firmware allows remote attackers to cause a denial of service or execute arbitrary code via crafted INVITE messages, as ... Read more
Affected Products : voip_access_devices_and_gateways- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.1
MEDIUMCVE-2003-1232
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.... Read more
Affected Products : emacs- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1258
activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows remote attackers to gain unauthorized administrative access via a URL request with the uid parameter set to the webmaster uid.... Read more
Affected Products : versatilebulletinboard- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2003-1230
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate tra... Read more
Affected Products : freebsd- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2003-1513
Multiple cross-site scripting (XSS) vulnerabilities in example scripts in Caucho Technology Resin 2.0 through 2.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) env.jsp, (2) form.jsp, (3) session.jsp, (4) the move parameter to tic... Read more
Affected Products : resin- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2003-1274
Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux.... Read more
Affected Products : winamp- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
3.6
LOWCVE-2003-1460
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.... Read more
Affected Products : worker_filemanager- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2003-1100
Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allow remote attackers to inject arbitrary web script or HTML via certain vectors.... Read more
Affected Products : cyberdocs- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2003-1411
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.... Read more
Affected Products : cedric_email_reader- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1533
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.... Read more
Affected Products : phppass- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2003-1550
XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.... Read more
Affected Products : xoops- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-1313
Multiple PHP remote file inclusion vulnerabilities in EternalMart Mailing List Manager (EMLM) 1.32 allow remote attackers to execute arbitrary PHP code via a URL in (1) the emml_admin_path parameter to admin/auth.php or (2) the emml_path parameter to emml... Read more
Affected Products : mailing_list_manager- Published: Dec. 31, 2003
- Modified: Apr. 03, 2025