Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1467 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
| 2003-12-31 | CVE-2003-1465 | Path Traversal vulnerability in Phorum 3.4/3.4.1/3.4.2 Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | 5.0 |
| 2003-12-31 | CVE-2003-1462 | Denial of Service vulnerability in Mod_Survey SYSBASE Disk Resource Consumption mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey exists before creating a subdirectory for it, which allows remote attackers to cause a denial of service (disk consumption and possible crash). | 5.0 |
| 2003-12-31 | CVE-2003-1459 | Code Injection vulnerability in Ttcms and Ttforum Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. | 6.8 |
| 2003-12-31 | CVE-2003-1457 | Configuration vulnerability in Auerswald Comsuite CTI Controlcenter 3.1 Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access. | 4.6 |
| 2003-12-31 | CVE-2003-1454 | Unspecified vulnerability in Invision Power Services Invision Board 1.0/1.0.1/1.1.1 Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. | 5.0 |
| 2003-12-31 | CVE-2003-1453 | Cross-Site Scripting vulnerability in Xoops Cross-site scripting (XSS) vulnerability in the MytextSanitizer function in XOOPS 1.3.5 through 1.3.9 and XOOPS 2.0 through 2.0.1 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in an IMG tag. | 4.3 |
| 2003-12-31 | CVE-2003-1451 | Buffer Errors vulnerability in Symantec Norton Antivirus 2002 Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename. | 6.4 |
| 2003-12-31 | CVE-2003-1450 | Improper Input Validation vulnerability in Bitchx BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message. | 5.0 |
| 2003-12-31 | CVE-2003-1446 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rogue 5.22/985.0 Buffer overflow in the save_into_file function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a ~ (tilde). | 4.9 |