Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1354 | Buffer Errors vulnerability in Gamespy3D Gamespy 3D 2.62 Multiple GameSpy 3D 2.62 compatible gaming servers generate very large UDP responses to small requests, which allows remote attackers to use the servers as an amplifier in DDoS attacks with spoofed UDP query packets, as demonstrated using Battlefield 1942. | 5.0 |
| 2003-12-31 | CVE-2003-1353 | Cross-Site Scripting vulnerability in Lanifex Outreach Project Tool 0.946B Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | 4.3 |
| 2003-12-31 | CVE-2003-1352 | Configuration vulnerability in Gabber 0.8.7 Gabber 0.8.7 sends an email to a specific address during user login and logout, which allows remote attackers to obtain user session activity and Gabber version number by sniffing. | 5.0 |
| 2003-12-31 | CVE-2003-1351 | Path Traversal vulnerability in Greg Billock Edittag 1.1 Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter. | 5.0 |
| 2003-12-31 | CVE-2003-1350 | Improper Input Validation vulnerability in List Site PRO List Site PRO 2.0 List Site Pro 2.0 allows remote attackers to hijack user accounts by inserting a "|" (pipe), which is used as a field delimiter, into the bannerurl field. | 4.3 |
| 2003-12-31 | CVE-2003-1349 | Path Traversal vulnerability in Thomas Krebs Niteserver Ftpd 1.83 Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 allows remote attackers to list arbitrary directories via a "\.." (backslash dot dot) in the CD (CWD) command. | 5.0 |
| 2003-12-31 | CVE-2003-1348 | Cross-Site Scripting vulnerability in Ftls Guestbook 1.1 Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field. | 4.3 |
| 2003-12-31 | CVE-2003-1347 | Cross-Site Scripting vulnerability in Geeklog 1.3.7 Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field. | 4.3 |
| 2003-12-31 | CVE-2003-1345 | Path Traversal vulnerability in Follett Software Webcollection Plus 5.00 Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 allows remote attackers to view arbitrary files in c:\ via a full pathname in the d parameter. | 5.0 |
| 2003-12-31 | CVE-2003-1344 | Cryptographic Issues vulnerability in Trend Micro Virus Control System Trend Micro Virus Control System (TVCS) Log Collector allows remote attackers to obtain usernames, encrypted passwords, and other sensitive information via a URL request for getservers.exe with the action parameter set to "selects1", which returns log files. | 5.0 |