CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2003-1414 22 Dir. Trav. 2003-12-31 2017-07-29
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
152 CVE-2003-1413 22 Dir. Trav. 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None None Partial
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
153 CVE-2003-1412 94 Exec Code File Inclusion 2003-12-31 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
154 CVE-2003-1411 94 Exec Code File Inclusion 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
155 CVE-2003-1410 94 Exec Code File Inclusion 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
156 CVE-2003-1409 200 +Info 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
157 CVE-2003-1408 200 +Info 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
158 CVE-2003-1407 119 Exec Code Overflow 2003-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
159 CVE-2003-1406 94 Exec Code File Inclusion 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.
160 CVE-2003-1405 20 Exec Code 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
161 CVE-2003-1404 200 +Info 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
162 CVE-2003-1403 20 +Info 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
163 CVE-2003-1402 20 Exec Code File Inclusion 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
164 CVE-2003-1401 255 +Info 2003-12-31 2017-07-29
5.8
None Remote Medium Not required Partial Partial None
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
165 CVE-2003-1400 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
166 CVE-2003-1399 +Info 2003-12-31 2017-07-29
1.9
None Local Medium Not required Partial None None
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
167 CVE-2003-1398 200 DoS +Info 2003-12-31 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
168 CVE-2003-1397 119 DoS Overflow 2003-12-31 2022-03-01
4.3
None Remote Medium Not required None None Partial
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
169 CVE-2003-1396 787 DoS Exec Code Overflow 2003-12-31 2022-03-01
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
170 CVE-2003-1395 119 DoS Exec Code Overflow 2003-12-31 2017-07-29
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
171 CVE-2003-1394 255 +Info 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote attackers to obtain that information via a direct request for the file.
172 CVE-2003-1393 119 DoS Exec Code Overflow 2003-12-31 2017-07-29
8.5
None Remote Medium ??? Complete Complete Complete
Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command.
173 CVE-2003-1392 310 2003-12-31 2017-07-29
6.6
None Local Low Not required Complete Complete None
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
174 CVE-2003-1391 310 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase.
175 CVE-2003-1390 310 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.
176 CVE-2003-1389 310 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.
177 CVE-2003-1388 120 Overflow 2003-12-31 2022-03-01
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.
178 CVE-2003-1387 120 Exec Code Overflow 2003-12-31 2022-03-01
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
179 CVE-2003-1386 264 +Info 2003-12-31 2017-07-29
6.4
None Remote Low Not required Partial None Partial
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
180 CVE-2003-1385 94 Exec Code 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
181 CVE-2003-1384 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
182 CVE-2003-1383 264 +Info 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
183 CVE-2003-1382 119 Exec Code Overflow 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
184 CVE-2003-1381 134 Exec Code 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
185 CVE-2003-1380 22 Dir. Trav. 2003-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
186 CVE-2003-1379 200 +Info 2003-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
187 CVE-2003-1378 264 Exec Code 2003-12-31 2017-07-29
8.8
None Remote Medium Not required Complete Complete None
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
188 CVE-2003-1377 119 Exec Code Overflow 2003-12-31 2017-07-29
8.3
None Remote Medium Not required Partial Partial Complete
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
189 CVE-2003-1376 255 2003-12-31 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
190 CVE-2003-1375 119 Exec Code Overflow 2003-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
191 CVE-2003-1374 119 Exec Code Overflow 2003-12-31 2017-07-29
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.
192 CVE-2003-1373 22 Dir. Trav. 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
193 CVE-2003-1372 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
194 CVE-2003-1371 79 XSS +Info 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
195 CVE-2003-1370 79 XSS 2003-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
196 CVE-2003-1369 119 DoS Exec Code Overflow 2003-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
197 CVE-2003-1368 119 DoS Exec Code Overflow 2003-12-31 2017-07-29
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
198 CVE-2003-1367 16 2003-12-31 2017-07-29
7.8
None Remote Low Not required Complete None None
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
199 CVE-2003-1366 200 +Info 2003-12-31 2017-07-29
3.3
None Local Medium Not required Partial Partial None
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
200 CVE-2003-1365 20 Exec Code 2003-12-31 2017-07-29
5.0
None Remote Low Not required None Partial None
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
Total number of vulnerabilities : 507   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.