Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1454 | Unspecified vulnerability in Invision Power Services Invision Board 1.0/1.0.1/1.1.1 Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. | 5.0 |
| 2003-12-31 | CVE-2003-1448 | Resource Management Errors vulnerability in Microsoft Windows 2000 Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet. | 7.8 |
| 2003-12-31 | CVE-2003-1437 | Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1 BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. | 2.1 |
| 2003-12-31 | CVE-2003-1430 | Path Traversal vulnerability in Epic Games Unreal Engine 226F/433/436 Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | 5.0 |
| 2003-12-31 | CVE-2003-1423 | Permissions, Privileges, and Access Controls vulnerability in Petitforum Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | 5.0 |
| 2003-12-31 | CVE-2003-1407 | Buffer Errors vulnerability in Microsoft Windows NT 4.0 Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. | 7.2 |
| 2003-12-31 | CVE-2003-1392 | Cryptographic Issues vulnerability in multiple products CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | 6.6 |
| 2003-12-31 | CVE-2003-1378 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Outlook and Outlook Express Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077. | 8.8 |
| 2003-12-31 | CVE-2003-1372 | Cross-Site Scripting vulnerability in Myphpnuke 1.8.8 Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. | 4.3 |
| 2003-12-31 | CVE-2003-1357 | Configuration vulnerability in Replicom Proxyview ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access. | 10.0 |