Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1240 Code Injection vulnerability in Cutephp Cutenews 0.88
PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php.
network | low complexity | cutephp | CWE-94 | 7.5

2003-12-31 CVE-2003-1239 Unspecified vulnerability in Wihphoto 0.86
Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via ..
network | low complexity | wihphoto | 5.0

2003-12-31 CVE-2003-1238 Cross-Site Scripting vulnerability in Nuked-Klan
Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.
network | nuked-klan | 5.8

2003-12-31 CVE-2003-1237 HTML Injection vulnerability in WWWBoard
Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via a message post.
network | matt-wright | 4.3

2003-12-31 CVE-2003-1236 Unspecified vulnerability in Tanne 0.6.17
Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allow remote attackers to execute arbitrary code via format string specifiers in syslog.
network | low complexity | tanne | critical | 10.0

2003-12-31 CVE-2003-1235 Information Disclosure vulnerability in BRS WebWeaver
BRS WebWeaver 1.03 allows remote attackers to obtain sensitive server environment information via a URL request for testcgi.exe, which lists the values of environment variables and the current working directory.
network | low complexity | brs | 5.0

2003-12-31 CVE-2003-1234 Integer Overflow vulnerability in FreeBSD System Call f_count
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
local | low complexity | freebsd | 3.6

2003-12-31 CVE-2003-1233 Link Following vulnerability in Pedestalsoftware Integrity Protection Driver 1.3
Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command.
network | low complexity | pedestalsoftware | CWE-59 | critical | 9.8

2003-12-31 CVE-2003-1232 Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
network | high complexity | gnu | 5.1

2003-12-31 CVE-2003-1231 Cross-Site Scripting vulnerability in Ecw-Shop 5.01/5.5
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
network | ecw-shop | 4.3