Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1320 Resource Management Errors vulnerability in Sonicwall Firmware
SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) a large number of payloads, or (3) a long payload.
network
high complexity
sonicwall CWE-399
5.1
2003-12-31 CVE-2003-1317 Cross-Site Scripting vulnerability in eNdonesia Mod Parameter
Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter.
network
endonesia
6.8
2003-12-31 CVE-2003-1316 Path Disclosure vulnerability in eNdonesia Mod Parameter
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message.
network
low complexity
endonesia
5.0
2003-12-31 CVE-2003-1312 Remote Security vulnerability in Netegrity SiteMinder
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
network
netegrity
4.3
2003-12-31 CVE-2003-1311 Remote Security vulnerability in Netegrity SiteMinder
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
network
netegrity
6.8
2003-12-31 CVE-2003-1310 Unspecified vulnerability in Symantec Norton Antivirus 2002/2003
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
local
low complexity
symantec
4.6
2003-12-31 CVE-2003-1308 Local Security vulnerability in FVWM
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
local
low complexity
fvwm
4.6
2003-12-31 CVE-2003-1305
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a JavaScript src attribute that recursively loads the current web page.
network
low complexity
5.0
2003-12-31 CVE-2003-1304 Unspecified vulnerability in Early Impact Productcart
EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.
network
low complexity
early-impact
5.0
2003-12-31 CVE-2003-1303 Denial-Of-Service vulnerability in PHP 4.3.0/4.3.1/4.3.2
Buffer overflow in the imap_fetch_overview function in the IMAP functionality (php_imap.c) in PHP before 4.3.3 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long e-mail address in a (1) To or (2) From header.
network
low complexity
php
5.0