Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1430 | Path Traversal vulnerability in Epic Games Unreal Engine 226F/433/436 Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. | 5.0 |
| 2003-12-31 | CVE-2003-1428 | Unspecified vulnerability in Bharat Mediratta Gallery 1.3.3 Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | 4.8 |
| 2003-12-31 | CVE-2003-1427 | Path Traversal vulnerability in Netgear Fm114P 1.4Betarelease17 Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter. | 6.4 |
| 2003-12-31 | CVE-2003-1424 | Credentials Management vulnerability in Petitforum message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie. | 6.8 |
| 2003-12-31 | CVE-2003-1423 | Permissions, Privileges, and Access Controls vulnerability in Petitforum Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. | 5.0 |
| 2003-12-31 | CVE-2003-1421 | Resource Management Errors vulnerability in Suckbot 0.006 Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors. | 4.3 |
| 2003-12-31 | CVE-2003-1420 | Cross-site Scripting vulnerability in Opera Browser Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. | 4.3 |
| 2003-12-31 | CVE-2003-1419 | Improper Input Validation vulnerability in Netscape Navigator 7.0 Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | 4.3 |
| 2003-12-31 | CVE-2003-1418 | Information Exposure vulnerability in Apache Http Server Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). | 4.3 |
| 2003-12-31 | CVE-2003-1417 | Credentials Management vulnerability in Ncipher Support Software 6.00 nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files. | 4.4 |