Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
Max CVSS: 6.8 | EPSS Score: 2.27% | Published: 2003-10-30 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
Max CVSS: 6.8 | EPSS Score: 1.05% | Published: 2003-10-30 | Updated: 2017-07-11
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.
Max CVSS: 5.0 | EPSS Score: 6.24% | Published: 2003-10-29 | Updated: 2017-07-11
Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
Max CVSS: 5.0 | EPSS Score: 1.69% | Published: 2003-10-29 | Updated: 2017-07-11
Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
Max CVSS: 7.5 | EPSS Score: 2.37% | Published: 2003-10-29 | Updated: 2017-07-11
The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
Max CVSS: 4.6 | EPSS Score: 0.06% | Published: 2003-10-28 | Updated: 2017-07-11
Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.
Max CVSS: 5.0 | EPSS Score: 2.07% | Published: 2003-10-25 | Updated: 2017-07-11
FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).
Max CVSS: 10.0 | EPSS Score: 3.02% | Published: 2003-10-30 | Updated: 2017-07-11
Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.
Max CVSS: 5.0 | EPSS Score: 2.11% | Published: 2003-10-31 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
Max CVSS: 4.3 | EPSS Score: 0.54% | Published: 2003-10-28 | Updated: 2017-07-11
Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
Max CVSS: 7.5 | EPSS Score: 12.61% | Published: 2003-10-27 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.
Max CVSS: 4.3 | EPSS Score: 0.36% | Published: 2003-10-27 | Updated: 2017-07-11
Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.
Max CVSS: 7.5 | EPSS Score: 5.52% | Published: 2003-10-25 | Updated: 2017-07-11
Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter.
Max CVSS: 7.5 | EPSS Score: 4.61% | Published: 2003-10-30 | Updated: 2017-07-11
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
Max CVSS: 10.0 | EPSS Score: 0.28% | Published: 2003-10-27 | Updated: 2017-07-11
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.
Max CVSS: 5.0 | EPSS Score: 0.38% | Published: 2003-10-27 | Updated: 2017-07-11
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash (//).
Max CVSS: 5.0 | EPSS Score: 2.84% | Published: 2003-10-27 | Updated: 2008-09-05
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.
Max CVSS: 5.0 | EPSS Score: 2.18% | Published: 2003-10-27 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.
Max CVSS: 4.3 | EPSS Score: 0.72% | Published: 2003-10-23 | Updated: 2017-07-11
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
Max CVSS: 4.6 | EPSS Score: 0.04% | Published: 2003-10-15 | Updated: 2018-10-30
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
Max CVSS: 1.2 | EPSS Score: 0.04% | Published: 2003-10-14 | Updated: 2018-10-30
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
Max CVSS: 5.0 | EPSS Score: 6.87% | Published: 2003-10-27 | Updated: 2018-10-30
Multiple buffer overflows in XShisen allow attackers to execute arbitrary code via a long (1) -KCONV command line option or (2) XSHISENLIB environment variable.
Max CVSS: 4.6 | EPSS Score: 0.09% | Published: 2003-10-03 | Updated: 2017-07-11
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
Max CVSS: 5.0 | EPSS Score: 0.39% | Published: 2003-10-06 | Updated: 2016-10-18
lsh daemon (lshd) does not properly return from certain functions in (1) read_line.c, (2) channel_commands.c, or (3) client_keyexchange.c when long input is provided, which could allow remote attackers to execute arbitrary code via a heap-based buffer overflow attack.
Max CVSS: 7.5 | EPSS Score: 6.33% | Published: 2003-10-06 | Updated: 2016-10-18
92 vulnerabilities found