Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1342 Resource Management Errors vulnerability in Trend Micro Virus Control System 1.8
Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows remote attackers to cause a denial of service (memory consumption) in IIS via multiple URL requests for ActiveSupport.exe.
network
low complexity
trend-micro CWE-399
5.0
2003-12-31 CVE-2003-1340 SQL Injection vulnerability in PHPnuke PHP-Nuke 5.6/6.5
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
network
low complexity
phpnuke CWE-89
6.5
2003-12-31 CVE-2003-1338 Unspecified vulnerability in Aprelium Technologies Abyss web Server
CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.
4.3
2003-12-31 CVE-2003-1335 Path Traversal vulnerability in KAI Blankenhorn Bitfolge Simple and Nice Index File
Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.5 allows remote attackers to download files from locations above the snif directory.
network
low complexity
kai-blankenhorn-bitfolge CWE-22
5.0
2003-12-31 CVE-2003-1334 Cross-Site Scripting vulnerability in KAI Blankenhorn Bitfolge Simple and Nice Index File
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2003-12-31 CVE-2003-1331 Buffer Overrun vulnerability in MySQL libmysqlclient Library mysql_real_connect()
Stack-based buffer overflow in the mysql_real_connect function in the MySQL client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
network
high complexity
oracle
4.0
2003-12-31 CVE-2003-1330 Unspecified vulnerability in Clearswift Limited Mailsweeper 4.3.6Sp1
Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove.
network
low complexity
microsoft clearswift-limited
5.0
2003-12-31 CVE-2003-1325 Denial-Of-Service vulnerability in Half-Life Cstrike Dedicated Server
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents "absence of player informations," a related issue to CVE-2006-0734.
5.2
2003-12-31 CVE-2003-1324 Local Security vulnerability in Elmme-Mailer ELM Me+ 2.4
Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.
local
low complexity
elmme-mailer
4.6
2003-12-31 CVE-2003-1323 Remote Security vulnerability in ELM Development Group ELM 2.4
Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors.
6.8