Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1564 | XML Entity Expansion vulnerability in Xmlsoft Libxml2 libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." | 6.5 |
| 2003-12-31 | CVE-2003-1563 | Denial Of Service vulnerability in Sun Cluster TCP Port Conflict Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration. | 4.0 |
| 2003-12-31 | CVE-2003-1561 | Information Disclosure vulnerability in Opera Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. network opera | 4.3 |
| 2003-12-31 | CVE-2003-1560 | Information Exposure vulnerability in Netscape Navigator 4 Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 |
| 2003-12-31 | CVE-2003-1559 | Information Exposure vulnerability in Microsoft IE and Internet Explorer Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 |
| 2003-12-31 | CVE-2003-1558 | Buffer Errors vulnerability in Fefe Fnord 1.6 Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function. | 5.0 |
| 2003-12-31 | CVE-2003-1556 | Cross-Site Scripting vulnerability in CGI City CC Guestbook Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters. | 4.3 |
| 2003-12-31 | CVE-2003-1555 | Information Exposure vulnerability in Scoznet Scozbook 1.1Beta ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | 5.0 |
| 2003-12-31 | CVE-2003-1554 | Cross-Site Scripting vulnerability in Scoznet Scozbook 1.1Beta Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables. | 4.3 |
| 2003-12-31 | CVE-2003-1553 | Information Exposure vulnerability in Sips 0.2.2 Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password and other user information via a direct request to a user-specific configuration directory. | 4.3 |