CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
16401 CVE-2003-1368 119 DoS Exec Code Overflow 2003-12-31 2017-07-28
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
16402 CVE-2003-1363 2003-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
The remote web management interface of Aprelium Technologies Abyss Web Server 1.1.2 and earlier does not log connection attempts to the web management port (9999), which allows remote attackers to mount brute force attacks on the administration console without detection.
16403 CVE-2003-1340 89 Exec Code Sql 2003-12-31 2018-10-19
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
16404 CVE-2003-1323 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
16405 CVE-2003-1317 XSS 2003-12-31 2017-07-28
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
16406 CVE-2003-1311 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
16407 CVE-2003-1262 DoS Exec Code Overflow 2003-12-31 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value.
16408 CVE-2003-1256 Exec Code 2003-12-31 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.
16409 CVE-2003-1255 2003-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to add arbitrary bookmarks as other users using a modified auth_user_id parameter.
16410 CVE-2003-1230 2003-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic.
16411 CVE-2003-1211 XSS 2003-12-31 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter.
16412 CVE-2003-1204 XSS 2003-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.
16413 CVE-2003-1199 XSS 2004-03-11 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
16414 CVE-2003-1197 XSS 2003-10-30 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.
16415 CVE-2003-1194 XSS 2003-10-30 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.
16416 CVE-2003-1187 XSS 2003-11-02 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.
16417 CVE-2003-1182 XSS 2003-11-03 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.
16418 CVE-2003-1176 2003-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
16419 CVE-2003-1175 XSS 2003-12-31 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 allows remote attackers to inject arbitrary web script or HTML via the vo parameter.
16420 CVE-2003-1146 XSS 2003-05-11 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
16421 CVE-2003-1145 XSS 2003-11-03 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.
16422 CVE-2003-0965 XSS 2004-02-17 2017-10-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
16423 CVE-2003-0935 2003-12-01 2017-10-10
6.4
None Remote Low Not required Partial Partial None
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.
16424 CVE-2003-0904 200 +Info 2004-01-20 2018-10-12
6.0
User Remote Medium Single system Partial Partial Partial
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
16425 CVE-2003-0885 2003-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.
16426 CVE-2003-0768 XSS Bypass 2003-09-22 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null character in the beginning of a tag name.
16427 CVE-2003-0749 XSS 2003-10-20 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter.
16428 CVE-2003-0736 XSS 2003-10-20 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
16429 CVE-2003-0733 XSS 2003-10-20 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
16430 CVE-2003-0728 2003-10-20 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
16431 CVE-2003-0712 XSS 2003-11-17 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.
16432 CVE-2003-0625 2003-08-27 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Off-by-one error in certain versions of xfstt allows remote attackers to read potentially sensitive memory via a malformed client request in the connection handshake, which leaks the memory in the server's response.
16433 CVE-2003-0602 XSS 2003-08-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or (2) ALT and NAME attributes in AREA tags as used by the GraphViz graph generation feature for local dependency graphs.
16434 CVE-2003-0587 XSS 2003-08-18 2016-10-17
6.9
Admin Local Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.
16435 CVE-2003-0526 XSS 2003-08-18 2018-10-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
16436 CVE-2003-0524 2003-08-18 2016-10-17
6.2
Admin Local High Not required Complete Complete Complete
Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory.
16437 CVE-2003-0523 XSS 2003-08-18 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in msg.asp for certain versions of ProductCart allow remote attackers to execute arbitrary web script via the message parameter.
16438 CVE-2003-0521 +Priv XSS 2003-08-18 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote attackers to insert arbitrary HTML and possibly gain cPanel administrator privileges via script in a URL that is logged but not properly quoted when displayed via the (1) Error Log or (2) Latest Visitors screens.
16439 CVE-2003-0492 XSS 2003-08-07 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.
16440 CVE-2003-0484 XSS 2003-08-07 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.
16441 CVE-2003-0483 XSS 2003-08-07 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium allow remote attackers to insert arbitrary script via (1) the member parameter to member.php or (2) the action parameter to buddy.php.
16442 CVE-2003-0416 XSS 2003-06-30 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 allows remote attackers to insert arbitrary HTML or script via (1) the year parameter in a showmonth action, (2) the month parameter in a showmonth action, or (3) the host parameter in a showhost action.
16443 CVE-2003-0413 XSS 2003-06-30 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
16444 CVE-2003-0399 2003-07-02 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgn_creds cookie to an arbitrary value and directly accessing the save template.
16445 CVE-2003-0392 Dir. Trav. 2003-07-02 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:).
16446 CVE-2003-0348 2003-07-24 2018-10-12
6.4
None Remote Low Not required Partial Partial None
A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script.
16447 CVE-2003-0341 XSS 2003-05-21 2016-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field.
16448 CVE-2003-0314 DoS 2003-06-16 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a "</" sequence.
16449 CVE-2003-0313 Dir. Trav. 2003-06-16 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to list arbitrary directory contents via a ... (triple dot) in an HTTP request.
16450 CVE-2003-0312 Dir. Trav. 2003-06-16 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in Snowblind Web Server 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.