Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2003-12-31 | CVE-2003-1249 | Unspecified vulnerability in Businessobjects Webintelligence 2.7.1: WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions. | 7.5 |
2003-12-31 | CVE-2003-1248 | Unspecified vulnerability in Positive Software H-Sphere 2.3Rc3: H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request. | 7.5 |
2003-12-31 | CVE-2003-1247 | Remote Buffer Overrun vulnerability in Positive Software H-Sphere 2.3Rc3: Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist. | 7.5 |
2003-12-31 | CVE-2003-1244 | SQL Injection vulnerability in PHPbb Group PHPbb 2.0.0/2.0.1/2.0.2: SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | 7.5 |
2003-12-31 | CVE-2003-1240 | Code Injection vulnerability in Cutephp Cutenews 0.88: PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter in (1) shownews.php, (2) search.php, or (3) comments.php. | 7.5 |
2003-12-31 | CVE-2003-1228 | Classic Buffer Overflow vulnerability in Mathopd: Buffer overflow in the prepare_reply function in request.c for Mathopd 1.2 through 1.5b13, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via an HTTP request with a long path. | 7.5 |
2003-12-31 | CVE-2003-1227 | Code Injection vulnerability in Gallery Project Gallery 1.4/1.4Pl1: PHP remote file include vulnerability in index.php for Gallery 1.4 and 1.4-pl1, when running on Windows or in Configuration mode on Unix, allows remote attackers to inject arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412. | 7.5 |
2003-12-31 | CVE-2003-1213 | Unspecified vulnerability in Maxwebportal 1.30: The default installation of MaxWebPortal 1.30 stores the portal database under the web document root with insecure access control, which allows remote attackers to obtain sensitive information via a direct request to database/db2000.mdb. | 7.5 |
2003-12-31 | CVE-2003-1212 | MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page. | 7.5 |
2003-12-31 | CVE-2003-1210 | Downloads Module SQL Injection vulnerability in PHP-Nuke: Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function. | 7.5 |