Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1531 | Cross-Site Scripting vulnerability in Lilikoi Ceilidh Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2003-12-31 | CVE-2003-1529 | Path Traversal vulnerability in Seagull Software Systems J Walk Application Server 3.2C9 Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL. | 5.0 |
| 2003-12-31 | CVE-2003-1527 | BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets. | 4.3 |
| 2003-12-31 | CVE-2003-1526 | Information Exposure vulnerability in Francisco Burzi PHP-Nuke 7.0 PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. | 5.0 |
| 2003-12-31 | CVE-2003-1524 | Permissions, Privileges, and Access Controls vulnerability in Pgpi Pgpdisk 6.0.2I PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition. | 6.3 |
| 2003-12-31 | CVE-2003-1522 | Cross-Site Scripting vulnerability in Pscs Vpop3 web Mail Server 2.0E/2.0F Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page. | 4.3 |
| 2003-12-31 | CVE-2003-1521 | Unspecified vulnerability in SUN Java Plug-In Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model. | 6.4 |
| 2003-12-31 | CVE-2003-1520 | SQL Injection vulnerability in Fuzzymonkey Myclassifieds 2.11 SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter. | 6.8 |
| 2003-12-31 | CVE-2003-1519 | Cross-Site Scripting vulnerability in Vivisimo Clustering Engine 0 Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program. | 4.3 |
| 2003-12-31 | CVE-2003-1517 | Information Exposure vulnerability in Dansie Shopping Cart cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message. | 5.0 |