Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1290 Remote Information Disclosure vulnerability in BEA WebLogic Server and WebLogic Express MBean
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface (JNDI).
network
low complexity
bea
5.0
2003-12-31 CVE-2003-1289 Local Security vulnerability in BSD IBCS2
The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5.3 and FreeBSD 4 up to 4.8-RELEASE-p2 and 5 up to 5.1-RELEASE-p1 allows local users to read portions of kernel memory (memory disclosure) via a large length parameter, which copies additional kernel memory into userland memory.
local
low complexity
freebsd netbsd
2.1
2003-12-31 CVE-2003-1288 Denial-Of-Service vulnerability in Vserver Linux-Vserver 1.22
Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.
network
low complexity
vserver
5.0
2003-12-31 CVE-2003-1287 Denial-Of-Service vulnerability in Server
Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device.
local
low complexity
sambar
4.6
2003-12-31 CVE-2003-1286 Open Proxy Authentication Bypass vulnerability in Sambar
HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks a 127.0.0.1 proxydeny entry, allows remote attackers to send proxy HTTP requests to the Sambar Server's administrative interface and external web servers, by making a "Connection: keep-alive" request before the proxy requests.
network
low complexity
sambar
7.5
2003-12-31 CVE-2003-1285 Unspecified vulnerability in Sambar Server
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server before 6.0 beta 6 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) isapi/testisa.dll, (2) testcgi.exe, (3) environ.pl, (4) the query parameter to samples/search.dll, (5) the price parameter to mortgage.pl, (6) the query string in dumpenv.pl, (7) the query string to dumpenv.pl, and (8) the E-Mail field of the guestbook script (book.pl).
network
sambar
4.3
2003-12-31 CVE-2003-1284 Information Disclosure vulnerability in Sambar Server
Sambar Server before 6.0 beta 6 allows remote attackers to obtain sensitive information via direct requests to the default scripts (1) environ.pl and (2) testcgi.exe.
network
low complexity
sambar
5.0
2003-12-31 CVE-2003-1283 Local Zone vulnerability in Kazaa Media Desktop 2.0
KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet Explorer (IE) local security zone, which could allow remote attackers to view local files and possibly execute arbitrary code.
network
low complexity
kazaa
7.5
2003-12-31 CVE-2003-1282 Information Disclosure vulnerability in IBM Net.Data
IBM Net.Data allows remote attackers to obtain sensitive information such as path names, server names and possibly user names and passwords by causing the (1) $(DTW_CURRENT_FILENAME), (2) $(DATABASE), (3) $(LOGIN), (4) $(PASSWORD), and possibly other predefined variables to be echoed back to the user via a web form.
network
low complexity
ibm
5.0
2003-12-31 CVE-2003-1281 Unspecified vulnerability in Eekim Cgihtml 1.69
cgihtml 1.69 allows local users to overwrite arbitrary files via a symlink attack on certain temporary files.
local
low complexity
eekim
2.1