Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1213 | Unspecified vulnerability in Maxwebportal 1.30 The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb. | 7.5 |
| 2003-12-31 | CVE-2003-1212 | MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. | 7.5 |
| 2003-12-31 | CVE-2003-1211 | Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPortal 1.30 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the Search parameter. network maxwebportal | 6.8 |
| 2003-12-31 | CVE-2003-1210 | Downloads Module SQL Injection vulnerability in PHP-Nuke Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | 7.5 |
| 2003-12-31 | CVE-2003-1209 | Improper Input Validation vulnerability in Monkey-Project Monkey The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. | 5.0 |
| 2003-12-31 | CVE-2003-1204 | Cross-Site Scripting vulnerability in Mambo Site Server Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php. network mambo | 6.8 |
| 2003-12-31 | CVE-2003-1180 | Unspecified vulnerability in Advanced Poll Advanced Poll 2.0.0/2.0.1/2.0.2 Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote attackers to read arbitrary files or inject arbitrary local PHP files via .. | 7.5 |
| 2003-12-31 | CVE-2003-1179 | Remote File Include vulnerability in Advanced Poll Common.Inc.PHP Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php. | 7.5 |
| 2003-12-31 | CVE-2003-1178 | Unspecified vulnerability in Advanced Poll Advanced Poll 2.0.0/2.0.1/2.0.2 Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) template_set, or (3) action parameter. | 7.5 |
| 2003-12-31 | CVE-2003-1177 | Remote Buffer Overflow vulnerability in Atrium Software Mercur Mailserver IMAP AUTH Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server. | 7.5 |