Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2003-12-31 CVE-2003-1312 Remote Security vulnerability in Netegrity SiteMinder
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
Risk: network, netegrity, 4.3

2003-12-31 CVE-2003-1311 Remote Security vulnerability in Netegrity SiteMinder
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
Risk: network, netegrity, 6.8

2003-12-31 CVE-2003-1310 Unspecified vulnerability in Symantec Norton Antivirus 2002/2003
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
Risk: local, low complexity, symantec, 4.6

2003-12-31 CVE-2003-1309 Local Device Driver IO Control Code Execution vulnerability in Zonelabs Zonealarm 3.7.202/3.7.211
The DeviceIoControl function in the TrueVector Device Driver (VSDATANT) in ZoneAlarm before 3.7.211, Pro before 4.0.146.029, and Plus before 4.0.146.029 allows local users to gain privileges via certain signals (aka "Device Driver Attack").
Risk: network, low complexity, zonelabs, critical, 10.0

2003-12-31 CVE-2003-1308 Local Security vulnerability in FVWM
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Risk: local, low complexity, fvwm, 4.6

2003-12-31 CVE-2003-1306
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
Risk: network, high complexity, microsoft, 2.6

2003-12-31 CVE-2003-1305
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
Risk: network, low complexity, 5.0

2003-12-31 CVE-2003-1304 Unspecified vulnerability in Early Impact Productcart
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
Risk: network, low complexity, early-impact, 5.0

2003-12-31 CVE-2003-1303 Denial-Of-Service vulnerability in PHP 4.3.0/4.3.1/4.3.2
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.
Risk: network, low complexity, php, 5.0

2003-12-31 CVE-2003-1302 Denial-Of-Service vulnerability in PHP
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
Risk: network, low complexity, php, 5.0