Vulnerabilities > Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-01-05 | CVE-2003-0984 | Unspecified vulnerability in Linux Kernel Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space. | 4.6 |
| 2003-12-31 | CVE-2003-1467 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
| 2003-12-31 | CVE-2003-1454 | Unspecified vulnerability in Invision Power Services Invision Board 1.0/1.0.1/1.1.1 Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. | 5.0 |
| 2003-12-31 | CVE-2003-1430 | Path Traversal vulnerability in Epic Games Unreal Engine 226F/433/436 Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | 5.0 |
| 2003-12-31 | CVE-2003-1428 | Unspecified vulnerability in Bharat Mediratta Gallery 1.3.3 Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | 4.8 |
| 2003-12-31 | CVE-2003-1423 | Permissions, Privileges, and Access Controls vulnerability in Petitforum Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | 5.0 |
| 2003-12-31 | CVE-2003-1372 | Cross-Site Scripting vulnerability in Myphpnuke 1.8.8 Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. | 4.3 |
| 2003-08-27 | CVE-2003-0619 | Unspecified vulnerability in Linux Kernel Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call. | 5.0 |
| 2003-08-27 | CVE-2003-0467 | Unspecified vulnerability in Linux Kernel 2.4.20/2.4.21 Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kernels 2.4.20, and some 2.5.x, when CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC is enabled, or the ip_nat_ftp or ip_nat_irc modules are loaded, allows remote attackers to cause a denial of service (crash) in systems using NAT, possibly due to an integer signedness error. | 5.0 |
| 2003-08-27 | CVE-2003-0187 | Unspecified vulnerability in Linux Kernel 2.4.20 The connection tracking core of Netfilter for Linux 2.4.20, with CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote attackers to cause a denial of service (resource consumption) due to an inconsistency with Linux 2.4.20's support of linked lists, which causes Netfilter to fail to identify connections with an UNCONFIRMED status and use large timeouts. | 5.0 |