CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2003-1380 Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @... | N/A | NONE | — | 0 |
| CVE-2003-1381 Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say ... | N/A | NONE | — | 0 |
| CVE-2003-1382 Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields. | N/A | NONE | — | 0 |
| CVE-2003-1383 WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password. | N/A | NONE | — | 0 |
| CVE-2003-1384 Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Vo... | N/A | NONE | — | 0 |
| CVE-2003-1385 ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web ... | N/A | NONE | — | 0 |
| CVE-2003-1386 AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file. | N/A | NONE | — | 0 |
| CVE-2003-1387 Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username. | N/A | NONE | — | 0 |
| CVE-2003-1388 Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension. | N/A | NONE | — | 0 |
| CVE-2003-1389 RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks. | N/A | NONE | — | 0 |
| CVE-2003-1390 RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase. | N/A | NONE | — | 0 |
| CVE-2003-1391 RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase. | N/A | NONE | — | 0 |
| CVE-2003-1392 CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to encrypt data, which could allow local users to use their own passphrase to decrypt the data. | N/A | NONE | — | 0 |
| CVE-2003-1393 Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long EXECUTE command. | N/A | NONE | — | 0 |
| CVE-2003-1394 CoffeeCup Software Password Wizard 4.0 stores sensitive information such as usernames and passwords in a .apw file under the web document root with insufficient access control, which allows remote att... | N/A | NONE | — | 0 |
| CVE-2003-1395 Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a response to the ad server. | N/A | NONE | — | 0 |
| CVE-2003-1396 Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension. | N/A | NONE | — | 0 |
| CVE-2003-1397 The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method. | N/A | NONE | — | 0 |
| CVE-2003-1398 Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts false ICMP redirect messages, which allows remote attackers to cause a denial of service (network routing modification). | N/A | NONE | — | 0 |
| CVE-2003-1399 eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, generates different error messages depending on whether a specified file exists or not, which allows local users to obtain sensit... | N/A | NONE | — | 0 |
| CVE-2003-1400 Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter. | N/A | NONE | — | 0 |
| CVE-2003-1401 login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a... | N/A | NONE | — | 0 |
| CVE-2003-1402 PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015. | N/A | NONE | — | 0 |
| CVE-2003-1403 foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | N/A | NONE | — | 0 |
| CVE-2003-1404 DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | N/A | NONE | — | 0 |
| CVE-2003-1405 DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | N/A | NONE | — | 0 |
| CVE-2003-1406 PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer para... | N/A | NONE | — | 0 |
| CVE-2003-1407 Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command. | N/A | NONE | — | 0 |
| CVE-2003-1408 Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot. | N/A | NONE | — | 0 |
| CVE-2003-1409 TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the... | N/A | NONE | — | 0 |
| CVE-2003-1410 PHP remote file inclusion vulnerability in email.php (aka email.php3) in Cedric Email Reader 0.2 and 0.3 allows remote attackers to execute arbitrary PHP code via the cer_skin parameter. | N/A | NONE | — | 0 |
| CVE-2003-1411 PHP remote file inclusion vulnerability in emailreader_execute_on_each_page.inc.php in Cedric Email Reader 0.4 allows remote attackers to execute arbitrary PHP code via the emailreader_ini parameter. | N/A | NONE | — | 0 |
| CVE-2003-1412 PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/... | N/A | NONE | — | 0 |
| CVE-2003-1413 parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote attackers to determine the existence of arbitrary files by using ".." sequences in the filename parameter and comparing the resulting... | N/A | NONE | — | 0 |
| CVE-2003-1414 Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) ... | N/A | NONE | — | 0 |
| CVE-2003-1415 NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitive information via an HTTP request with an invalid chunked transfer encoding specification. | N/A | NONE | — | 0 |
| CVE-2003-1416 BisonFTP Server 4 release 2 allows remote attackers to cause a denial of service (CPU consumption) via a long (1) ls or (2) cwd command. | N/A | NONE | — | 0 |
| CVE-2003-1417 nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) ... | N/A | NONE | — | 0 |
| CVE-2003-1418 Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, whi... | N/A | NONE | — | 0 |
| CVE-2003-1419 Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function. | N/A | NONE | — | 0 |
| CVE-2003-1420 Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. | N/A | NONE | — | 0 |
| CVE-2003-1421 Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors. | N/A | NONE | — | 0 |
| CVE-2003-1422 Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | N/A | NONE | — | 0 |
| CVE-2003-1423 Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encry... | N/A | NONE | — | 0 |
| CVE-2003-1424 message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie. | N/A | NONE | — | 0 |
| CVE-2003-1425 guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter. | N/A | NONE | — | 0 |
| CVE-2003-1426 Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by ... | N/A | NONE | — | 0 |
| CVE-2003-1427 Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encode... | N/A | NONE | — | 0 |
| CVE-2003-1428 Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos. | N/A | NONE | — | 0 |
| CVE-2003-1429 Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.