Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1250 | Denial Of Service vulnerability in Efficient Networks 5861 DSL Router 5.3.80Firmware Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nmap. | 5.0 |
| 2003-12-31 | CVE-2003-1249 | Unspecified vulnerability in Businessobjects Webintelligence 2.7.1 WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | 7.5 |
| 2003-12-31 | CVE-2003-1248 | Unspecified vulnerability in Positive Software H-Sphere 2.3Rc3 H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. | 7.5 |
| 2003-12-31 | CVE-2003-1247 | Remote Buffer Overrun vulnerability in Positive Software H-Sphere 2.3Rc3 Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist. | 7.5 |
| 2003-12-31 | CVE-2003-1246 | Symbolic Link Bypass vulnerability in Pedestal Software Integrity Protection Driver 1.2/1.3 NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver (IPD) 1.2 and 1.3 allows local users to create and overwrite arbitrary files via a symlink attack on \winnt\system32\drivers using the subst command. | 2.1 |
| 2003-12-31 | CVE-2003-1245 | index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | 10.0 |
| 2003-12-31 | CVE-2003-1244 | SQL Injection vulnerability in PHPbb Group PHPbb 2.0.0/2.0.1/2.0.2 SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | 7.5 |
| 2003-12-31 | CVE-2003-1243 | Cross-Site Scripting vulnerability in Sage Content Management System Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote attackers to insert arbitrary HTML or web script via the mod parameter. network sage | 4.3 |
| 2003-12-31 | CVE-2003-1242 | Path Disclosure vulnerability in Sage Content Management System Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message. | 5.0 |
| 2003-12-31 | CVE-2003-1241 | HTML Injection vulnerability in Levcgi.Com Myguestbook 3.0 Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) admin_pass.php, (3) admin_modif.php, and (4) admin_suppr.php in MyGuestbook 3.0 allows remote attackers to execute arbitrary PHP code by modifying the location parameter to reference a URL on a remote web server that contains file.php via script injected into the pseudo, email, and message parameters. network levcgi-com | 4.3 |