Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-01-05 | CVE-2003-0977 | CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests. | 7.5 |
2004-01-05 | CVE-2003-0963 | Unspecified vulnerability in Alexander V. Lukyanov Lftp Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands. | 7.5 |
2004-01-03 | CVE-2004-1785 | SQL Injection vulnerability in Invision Power Board Calendar.PHP SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | 7.5 |
2004-01-03 | CVE-2004-1784 | Buffer Overflow vulnerability in Webcam Corp Webcam Watchdog 1.0/1.1/3.63 Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
2003-12-31 | CVE-2003-1557 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Spamassassin Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters. | 7.6 |
2003-12-31 | CVE-2003-1533 | SQL Injection vulnerability in PHPpass 2 SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters. | 7.5 |
2003-12-31 | CVE-2003-1532 | SQL Injection vulnerability in Julien Desaunay PHPmyshop 1.00 SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters. | 7.5 |
2003-12-31 | CVE-2003-1530 | SQL Injection vulnerability in PHPbb 2.0.3 SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter. | 7.5 |
2003-12-31 | CVE-2003-1528 | Link Following vulnerability in Fujitsu Siemens Networker 6.0 nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to overwrite arbitrary files via a symlink attack on the nsrsh[PID] temporary file. | 7.2 |
2003-12-31 | CVE-2003-1523 | SQL Injection vulnerability in Dbmail 1.0/1.1 SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors. | 7.5 |