Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2004-01-20 CVE-2004-0030 Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHPgedview 2.61
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
network
low complexity
phpgedview CWE-829
critical
9.8
2004-01-05 CVE-2003-1013 NULL Pointer Dereference vulnerability in Ethereal
The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.
network
low complexity
ethereal CWE-476
7.5
2004-01-05 CVE-2003-1000 NULL Pointer Dereference vulnerability in Xchat 2.0.6
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
network
low complexity
xchat CWE-476
7.5
2004-01-05 CVE-2003-0981 Origin Validation Error vulnerability in Freescripts Visitorbook LE
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
network
low complexity
freescripts CWE-346
6.1
2003-12-31 CVE-2003-1564 XML Entity Expansion vulnerability in Xmlsoft Libxml2
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack."
network
low complexity
xmlsoft CWE-776
6.5
2003-12-31 CVE-2003-1233 Link Following vulnerability in Pedestalsoftware Integrity Protection Driver 1.3
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
network
low complexity
pedestalsoftware CWE-59
critical
9.8
2003-11-17 CVE-2003-0844 Link Following vulnerability in Schroepl MOD Gzip
mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled.
local
low complexity
schroepl CWE-59
7.1
2003-11-17 CVE-2003-0545 Double Free vulnerability in Openssl 0.9.6/0.9.7
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
network
low complexity
openssl CWE-415
critical
9.8
2003-11-03 CVE-2003-0899 Incorrect Calculation of Buffer Size vulnerability in Acme Thttpd 2.21/2.22/2.23
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
network
low complexity
acme CWE-131
critical
9.8
2003-10-07 CVE-2003-0791 Deserialization of Untrusted Data vulnerability in multiple products
The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earlier allows attackers to execute native methods by modifying the string used as input to the script.thaw JavaScript function, which is then deserialized and executed.
network
low complexity
mozilla sco CWE-502
critical
9.8