CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2003

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2003-1204 XSS 2003-12-31 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
352 CVE-2003-1200 Exec Code Overflow 2003-12-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.
353 CVE-2003-1198 DoS 2003-12-26 2017-07-11
5.0
None Remote Low Not required None None Partial
connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
354 CVE-2003-1180 Dir. Trav. 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. sequences in the base_path or pollvars[lang] parameters to the admin files (1) index.php, (2) admin_tpl_new.php, (3) admin_tpl_misc_new.php, (4) admin_templates_misc.php, (5) admin_templates.php, (6) admin_stats.php, (7) admin_settings.php, (8) admin_preview.php, (9) admin_password.php, (10) admin_logout.php, (11) admin_license.php, (12) admin_help.php, (13) admin_embed.php, (14) admin_edit.php, or (15) admin_comment.php.
355 CVE-2003-1179 Exec Code File Inclusion 2003-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.
356 CVE-2003-1178 Exec Code 2003-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter.
357 CVE-2003-1177 DoS Exec Code Overflow 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.
358 CVE-2003-1176 2003-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
359 CVE-2003-1175 XSS 2003-12-31 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
360 CVE-2003-1174 DoS Overflow 2003-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL.
361 CVE-2003-1173 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
362 CVE-2003-1172 Dir. Trav. 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the view-source sample file in Apache Software Foundation Cocoon 2.1 and 2.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the filename parameter.
363 CVE-2003-1171 Exec Code Overflow 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 through 1.7.1 in Apache 2 allows remote attackers to execute arbitrary code via a server side script that sends a large amount of data.
364 CVE-2003-1170 DoS Exec Code 2003-12-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments.
365 CVE-2003-1169 Bypass 2003-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for critical registry keys, which allows local users to bypass access restrictions by importing NukoInfo values in certain DATEV keys, which disables Nutzungskontrolle.
366 CVE-2003-1168 +Info 2003-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.
367 CVE-2003-1167 2003-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
368 CVE-2003-1166 Dir. Trav. 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.aspx in HTTP Commander 4.0 allows remote attackers to view arbitrary files via a .. (dot dot) in the file parameter.
369 CVE-2003-1165 DoS Exec Code Overflow 2003-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with a long User-Agent header.
370 CVE-2003-1164 XSS 2003-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remote attackers to inject arbitrary web script or HTML via the URI, which is injected into the HTML error page.
371 CVE-2003-1163 DoS 2003-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index.
372 CVE-2003-1162 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to read and reply to arbitrary messages by modifying the thread_id, forum_id, and sid parameters.
373 CVE-2003-1161 Bypass 2003-12-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function.
374 CVE-2003-1158 DoS Overflow 2003-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in the FTP service in Plug and Play Web Server 1.0002c allow remote attackers to cause a denial of service (crash) via long (1) dir, (2) ls, (3) delete, (4) mkdir, (5) DELE, (6) RMD, or (7) MKD commands.
375 CVE-2003-1157 XSS 2003-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter.
376 CVE-2003-1156 2003-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
377 CVE-2003-1155 2003-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrite arbitrary files via a symlink attack on an unknown file.
378 CVE-2003-1154 Bypass 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.
379 CVE-2003-1153 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php.
380 CVE-2003-1152 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
381 CVE-2003-1135 DoS Overflow 2003-12-31 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID.
382 CVE-2003-1134 DoS 2003-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
383 CVE-2003-1133 2003-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.
384 CVE-2003-1132 DoS 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
385 CVE-2003-1131 Exec Code File Inclusion 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web server that contains the code.
386 CVE-2003-1129 DoS Exec Code Overflow 2003-12-31 2017-07-11
2.6
None Remote High Not required None None Partial
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
387 CVE-2003-1128 Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.
388 CVE-2003-1127 Bypass 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers to obtain the source code for the login page via the HTTP TRACE method, which bypasses the preprocessor.
389 CVE-2003-1126 DoS 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.
390 CVE-2003-1125 DoS 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5.0, and 5.1 allows LDAP clients to cause a denial of service (service halt).
391 CVE-2003-1124 2003-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and 3.0 Revenue Release (RR), when installed and run by root, allows local users to create or modify arbitrary files.
392 CVE-2003-1123 Bypass 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
393 CVE-2003-1122 Exec Code 2003-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
394 CVE-2003-1121 2003-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary configuration via the RunAdmin services (SLRAserver.exe and SLRAclient.exe).
395 CVE-2003-1120 2003-12-31 2017-07-11
3.7
None Local High Not required Partial Partial Partial
Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key.
396 CVE-2003-1119 DoS 2003-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
SSH Secure Shell before 3.2.9 allows remote attackers to cause a denial of service via malformed BER/DER packets.
397 CVE-2003-1118 DoS Exec Code Overflow 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.
398 CVE-2003-1117 DoS Exec Code Overflow 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem Proxy 8.x, related to URL error handling, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
399 CVE-2003-1116 Bypass +Info 2003-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener.
400 CVE-2003-1115 DoS Exec Code 2003-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Session Initiation Protocol (SIP) implementation in Nortel Networks Succession Communication Server 2000, when using SIP-T, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite.
Total number of vulnerabilities : 507   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.