Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1384 Cross-Site Scripting vulnerability in PY Software Py-Livredor 1.0
Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
4.3
2003-12-31 CVE-2003-1383 Permissions, Privileges, and Access Controls vulnerability in Logicworks web ERP
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
network
low complexity
logicworks CWE-264
7.5
2003-12-31 CVE-2003-1382 Buffer Errors vulnerability in Instantservers Inc. Ismail 1.4.3
Buffer overflow in ISMail 1.4.3 and earlier allows remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
network
low complexity
instantservers-inc CWE-119
7.5
2003-12-31 CVE-2003-1381 Use of Externally-Controlled Format String vulnerability in Amxmod.Net AMX MOD 0.9.2
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
6.8
2003-12-31 CVE-2003-1380 Path Traversal vulnerability in Bisonftp Server 4 R2
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
network
low complexity
bisonftp CWE-22
7.5
2003-12-31 CVE-2003-1379 Information Exposure vulnerability in Point Clark Networks Clarkconnect 1.2
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
network
low complexity
point-clark-networks CWE-200
5.0
2003-12-31 CVE-2003-1378 Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook and Outlook Express
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
network
microsoft CWE-264
8.8
2003-12-31 CVE-2003-1377 Buffer Errors vulnerability in Sircd 0.4.0/0.4.4
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
network
sircd CWE-119
8.3
2003-12-31 CVE-2003-1376 Credentials Management vulnerability in Winzip 8.0
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
local
low complexity
winzip CWE-255
4.6
2003-12-31 CVE-2003-1375 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in HP HP-UX
Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.
local
low complexity
hp CWE-119
7.2