Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1230 | The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through 5.0-RELEASE-p3 uses only 32-bit internal keys when generating syncookies, which makes it easier for remote attackers to conduct brute force ISN guessing attacks and spoof legitimate traffic. | 6.4 |
| 2003-12-31 | CVE-2003-1228 | Classic Buffer Overflow vulnerability in Mathopd Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path. | 7.5 |
| 2003-12-31 | CVE-2003-1227 | Code Injection vulnerability in Gallery Project Gallery 1.4/1.4Pl1 PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | 7.5 |
| 2003-12-31 | CVE-2003-1226 | Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets concerning password encryption insecurely in config.xml, filerealm.properties, and weblogic-rar.xml, which allows local users to learn those secrets and decrypt passwords. | 2.1 |
| 2003-12-31 | CVE-2003-1225 | Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1 The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords. | 2.1 |
| 2003-12-31 | CVE-2003-1224 | Password Storage vulnerability in BEA Weblogic Server 7.0/7.0.0.1 Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 displays the JDBCConnectionPoolRuntimeMBean password to the screen in cleartext, which allows attackers to read a user's password by physically observing ("shoulder surfing") the screen. | 2.1 |
| 2003-12-31 | CVE-2003-1223 | Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap. | 5.0 |
| 2003-12-31 | CVE-2003-1222 | Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 8.1 BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password. | 5.0 |
| 2003-12-31 | CVE-2003-1221 | Denial of Service and Information Disclosure vulnerability in BEA Weblogic Server 7.0/7.0.0.1/8.1 BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow attackers to sniff sessions. | 5.0 |
| 2003-12-31 | CVE-2003-1220 | Denial of Service and Information Disclosure vulnerability in Multiple BEA WebLogic Server/Express BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (proxy plugin crash) via a malformed URL. | 5.0 |