CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15551 CVE-2003-1497 119 DoS Overflow 2003-12-31 2017-07-28
6.3
None Remote Medium Single system None None Complete
Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.
15552 CVE-2003-1488 20 2003-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie 1.0 allow remote attackers to gain administrator access via a request to admin.php without the connect parameter and with the loggedin parameter set to any value, such as 1.
15553 CVE-2003-1483 255 2003-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
FlashFXP 1.4 uses a weak encryption algorithm for user passwords, which allows attackers to decrypt the passwords and gain access.
15554 CVE-2003-1475 287 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.
15555 CVE-2003-1471 20 DoS 2003-12-31 2017-07-28
6.3
None Remote Medium Single system None None Complete
MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.
15556 CVE-2003-1459 94 Exec Code File Inclusion 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php.
15557 CVE-2003-1451 119 Exec Code Overflow 2003-12-31 2017-07-28
6.4
None Remote Low Not required Partial Partial None
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
15558 CVE-2003-1436 94 Exec Code File Inclusion 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
15559 CVE-2003-1434 287 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
15560 CVE-2003-1427 22 Dir. Trav. 2003-12-31 2017-07-28
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
15561 CVE-2003-1424 255 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
15562 CVE-2003-1415 119 Overflow +Info 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.
15563 CVE-2003-1412 94 Exec Code File Inclusion 2003-12-31 2018-10-19
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
15564 CVE-2003-1411 94 Exec Code File Inclusion 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
15565 CVE-2003-1410 94 Exec Code File Inclusion 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
15566 CVE-2003-1392 310 2003-12-31 2017-07-28
6.6
None Local Low Not required Complete Complete None
CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data.
15567 CVE-2003-1386 264 +Info 2003-12-31 2017-07-28
6.4
None Remote Low Not required Partial None Partial
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.
15568 CVE-2003-1385 94 Exec Code 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.
15569 CVE-2003-1381 134 Exec Code 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
15570 CVE-2003-1373 22 Dir. Trav. 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
15571 CVE-2003-1369 119 DoS Exec Code Overflow 2003-12-31 2017-07-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
15572 CVE-2003-1368 119 DoS Exec Code Overflow 2003-12-31 2017-07-28
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
15573 CVE-2003-1363 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
15574 CVE-2003-1340 89 Exec Code Sql 2003-12-31 2018-10-19
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
15575 CVE-2003-1323 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
15576 CVE-2003-1317 XSS 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
15577 CVE-2003-1311 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
15578 CVE-2003-1262 DoS Exec Code Overflow 2003-12-31 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value.
15579 CVE-2003-1256 Exec Code 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.
15580 CVE-2003-1255 2003-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter.
15581 CVE-2003-1230 2003-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
15582 CVE-2003-1211 XSS 2003-12-31 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
15583 CVE-2003-1204 XSS 2003-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
15584 CVE-2003-1199 XSS 2004-03-11 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
15585 CVE-2003-1197 XSS 2003-10-30 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
15586 CVE-2003-1194 XSS 2003-10-30 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
15587 CVE-2003-1187 XSS 2003-11-02 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
15588 CVE-2003-1182 XSS 2003-11-03 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
15589 CVE-2003-1176 2003-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
15590 CVE-2003-1175 XSS 2003-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
15591 CVE-2003-1146 XSS 2003-05-11 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
15592 CVE-2003-1145 XSS 2003-11-03 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
15593 CVE-2003-0965 XSS 2004-02-17 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
15594 CVE-2003-0935 2003-12-01 2017-10-10
6.4
None Remote Low Not required Partial Partial None
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
15595 CVE-2003-0904 200 +Info 2004-01-20 2018-10-12
6.0
User Remote Medium Single system Partial Partial Partial
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
15596 CVE-2003-0885 2003-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.
15597 CVE-2003-0768 XSS Bypass 2003-09-22 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
15598 CVE-2003-0749 XSS 2003-10-20 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
15599 CVE-2003-0736 XSS 2003-10-20 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
15600 CVE-2003-0733 XSS 2003-10-20 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.