Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2003-12-31 CVE-2003-1418 Information Exposure vulnerability in Apache Http Server
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
network
apache CWE-200
4.3
2003-12-31 CVE-2003-1417 Credentials Management vulnerability in Ncipher Support Software 6.00
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.
4.4
2003-12-31 CVE-2003-1416 Improper Input Validation vulnerability in Bisonftp Server 4 R2
BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command.
network
bisonftp CWE-20
4.3
2003-12-31 CVE-2003-1415 Buffer Errors vulnerability in Visual Mining Netcharts Xbrl Server 4.0.0
NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification.
6.8
2003-12-31 CVE-2003-1414 Path Traversal vulnerability in Apple products
Directory traversal vulnerability in parse_xml.cgi in Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ...
network
apple CWE-22
4.3
2003-12-31 CVE-2003-1413 Path Traversal vulnerability in Apple products
parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting error messages.
network
apple CWE-22
4.3
2003-12-31 CVE-2003-1412 Code Injection vulnerability in Gonicus System Administration 1.0
PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php.
network
gonicus CWE-94
6.8
2003-12-31 CVE-2003-1411 Code Injection vulnerability in Isoca Cedric Email Reader 0.4
PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter.
network
isoca CWE-94
6.8
2003-12-31 CVE-2003-1410 Code Injection vulnerability in Isoca Cedric Email Reader 0.2/0.3
PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter.
network
isoca CWE-94
6.8
2003-12-31 CVE-2003-1409 Information Exposure vulnerability in EJ3 Topo 1.43
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.
network
low complexity
ej3 CWE-200
5.0