Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2004-01-05 | CVE-2003-0979 | Remote Security vulnerability in Freescripts Visitorbook LE: FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable. | 5.0 |
2004-01-04 | CVE-2004-1786 | Remote User Database Access vulnerability in ASPApp PortalAPP: PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb. | 5.0 |
2003-12-31 | CVE-2003-1564 | XML Entity Expansion vulnerability in Xmlsoft Libxml2: libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." | 6.5 |
2003-12-31 | CVE-2003-1563 | Denial Of Service vulnerability in Sun Cluster TCP Port Conflict: Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration. | 4.0 |
2003-12-31 | CVE-2003-1561 | Information Disclosure vulnerability in Opera: Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 4.3 |
2003-12-31 | CVE-2003-1560 | Information Exposure vulnerability in Netscape Navigator 4: Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 |
2003-12-31 | CVE-2003-1559 | Information Exposure vulnerability in Microsoft IE and Internet Explorer: Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data. | 5.0 |
2003-12-31 | CVE-2003-1558 | Buffer Errors vulnerability in Fefe Fnord 1.6: Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function. | 5.0 |
2003-12-31 | CVE-2003-1556 | Cross-Site Scripting vulnerability in CGI City CC Guestbook: Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters. | 4.3 |
2003-12-31 | CVE-2003-1555 | Information Exposure vulnerability in Scoznet Scozbook 1.1Beta: ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message. | 5.0 |