Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-12-31 | CVE-2003-1280 | File Corruption vulnerability in Eekim Cgihtml 1.69 Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. | 5.0 |
2003-12-31 | CVE-2003-1279 | S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html. | 4.6 |
2003-12-31 | CVE-2003-1278 | HTML Injection vulnerability in Infopop Opentopic 2.3.1 Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags. network infopop | 4.3 |
2003-12-31 | CVE-2003-1277 | Cross-Site Scripting vulnerability in Yabb 1.5.0 Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Board (YaBB) 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into (1) news_icon of news_template.php, and (2) threadid and subject of index.html network yabb | 4.3 |
2003-12-31 | CVE-2003-1276 | Local Security vulnerability in Nettelephone 3.5.6 Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts. | 4.6 |
2003-12-31 | CVE-2003-1275 | Denial Of Service vulnerability in Microsoft Pocket IE 3.0 Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function. | 5.0 |
2003-12-31 | CVE-2003-1274 | Denial-Of-Service vulnerability in Nullsoft Winamp 3.0 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. | 5.0 |
2003-12-31 | CVE-2003-1273 | Denial Of Service vulnerability in Nullsoft Winamp 3.0 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. | 2.1 |
2003-12-31 | CVE-2003-1272 | Buffer Overflow vulnerability in Nullsoft Winamp 3.0 Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter. | 9.3 |
2003-12-31 | CVE-2003-1271 | Cross-Site Scripting vulnerability in AN An-Http 1.41E Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remote attackers to execute arbitrary web script or HTML as other users via a URL containing the script. network an | 4.3 |