Vulnerabilities (CVE)

Total 273866 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1436 1 Crossnuke 1 Nukebrowser 2024-11-20 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
CVE-2003-1435 1 Francisco Burzi 1 Php-nuke 2024-11-20 7.5 HIGH N/A
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2003-1434 1 Pete Werner 1 Login Ldap 2024-11-20 6.8 MEDIUM N/A
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password.
CVE-2003-1433 1 Epic Games 1 Unreal Engine 2024-11-20 4.3 MEDIUM N/A
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times.
CVE-2003-1432 1 Epic Games 2 Unreal Engine, Unreal Tournament 2003 2024-11-20 10.0 HIGH N/A
Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
CVE-2003-1431 1 Epic Games 1 Unreal Engine 2024-11-20 7.1 HIGH N/A
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
CVE-2003-1430 3 Epic Games, Linux, Microsoft 3 Unreal Engine, Linux Kernel, All Windows 2024-11-20 5.0 MEDIUM N/A
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
CVE-2003-1429 1 Proxomitron 1 Proxomitron Naoko 2024-11-20 7.5 HIGH N/A
Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to execute arbitrary code via a long request.
CVE-2003-1428 2 Bharat Mediratta, Linux 2 Gallery, Linux Kernel 2024-11-20 4.8 MEDIUM N/A
Gallery 1.3.3 creates directories with insecure permissions, which allows local users to read, modify, or delete photos.
CVE-2003-1427 1 Netgear 1 Fm114p 2024-11-20 6.4 MEDIUM N/A
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
CVE-2003-1426 1 Cpanel 1 Cpanel 2024-11-20 3.3 LOW N/A
Openwebmail in cPanel 5.0, when run using suid Perl, adds the directory in the SCRIPT_FILENAME environment variable to Perl's @INC include array, which allows local users to execute arbitrary code by modifying SCRIPT_FILENAME to reference a directory containing a malicious openwebmail-shared.pl executable.
CVE-2003-1425 1 Cpanel 1 Cpanel 2024-11-20 10.0 HIGH N/A
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
CVE-2003-1424 1 Petitforum 1 Petitforum 2024-11-20 6.8 MEDIUM N/A
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
CVE-2003-1423 4 Linux, Microsoft, Petitforum and 1 more 4 Linux Kernel, All Windows, Petitforum and 1 more 2024-11-20 5.0 MEDIUM N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2003-1422 1 Gentoo 1 Syslinux 2024-11-20 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors.
CVE-2003-1421 1 Suckbot 1 Suckbot 2024-11-20 4.3 MEDIUM N/A
Unspecified vulnerability in mod_mysql_logger shared object in SuckBot 0.006 allows remote attackers to cause a denial of service (seg fault) via unknown attack vectors.
CVE-2003-1420 1 Opera 1 Opera Browser 2024-11-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.
CVE-2003-1419 1 Netscape 1 Navigator 2024-11-20 4.3 MEDIUM N/A
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
CVE-2003-1418 1 Apache 1 Http Server 2024-11-20 4.3 MEDIUM N/A
Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID).
CVE-2003-1417 1 Ncipher 1 Support Software 2024-11-20 4.4 MEDIUM N/A
nCipher Support Software 6.00, when using generatekey KeySafe to import keys, does not delete the temporary copies of the key, which may allow local users to gain access to the key by reading the (1) key.pem or (2) key.der files.