Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1404 Information Exposure vulnerability in Dotbr Botbr 0.1
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
network | low complexity | dotbr | CWE-200 | 7.5
2003-12-31 CVE-2003-1403 Improper Input Validation vulnerability in Dotbr Botbr 0.1
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
network | low complexity | dotbr | CWE-20 | 7.5
2003-12-31 CVE-2003-1402 Improper Input Validation vulnerability in Kietu 2.0/2.3
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
network | low complexity | kietu | CWE-20 | 7.5
2003-12-31 CVE-2003-1401 Credentials Management vulnerability in PHP Board PHP Board 1.0
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.
network | php-board | CWE-255 | 5.8
2003-12-31 CVE-2003-1400 Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
4.3
2003-12-31 CVE-2003-1399 Information Disclosure vulnerability in Eject 2.0.10/2.0.11/2.0.12
eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensitive information.
local | eject | 1.9
2003-12-31 CVE-2003-1398 Information Exposure vulnerability in Cisco IOS
Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification).
network | cisco | CWE-200 | critical | 9.3
2003-12-31 CVE-2003-1397 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Opera Browser 6.05/7.0/7.01
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
network | opera | CWE-119 | 4.3
2003-12-31 CVE-2003-1396 Out-of-bounds Write vulnerability in Opera Browser
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
network | opera | CWE-787 | 6.8
2003-12-31 CVE-2003-1395 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Kazaa Media Desktop 2.0/2.0.2
Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server.
network | low complexity | kazaa | CWE-119 | critical | 9.0