U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
There are 164,884 matching records.
Displaying matches 157,521 through 157,540.
Vuln ID Summary CVSS Severity
CVE-2003-1145

Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1182

Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1184

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2.8 and 2.81 allow remote attackers to inject arbitrary web script or HTML via (1) time in board.php, (2) the profile Homepage-Feld, (3) pictures, and (4) other "Diverse XSS Bugs."

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2003-1185

Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1190

Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through 2.17 allows remote attackers to inject arbitrary web script or HTML via a recipe.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2003-1192

Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2003-1193

Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1196

SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

Published: November 03, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1187

Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6.02 and 1.6.03 allows remote attackers to inject arbitrary web script or HTML via the contact_email parameter.

Published: November 02, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1188

Unichat allows remote attackers to cause a denial of service (crash) by adding extra chat characters (avatars) and logging in to a chat room, as demonstrated using duplicate ACTOR entries in u2res000.rit.

Published: November 02, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-1159

Plug and Play Web Server Proxy 1.0002c allows remote attackers to cause a denial of service (server crash) via an invalid URI in an HTTP GET request to TCP port 8080.

Published: October 31, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-1143

Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter 1.05, and Serious Sam: the Second Encounter 1.05 allow remote attackers to cause a denial of service (crash or freeze) via a TCP packet with an invalid first parameter.

Published: October 30, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1160

FlexWATCH Network video server 132 allows remote attackers to bypass authentication and gain administrative privileges via an HTTP request to aindex.htm that contains double leading slashes (//).

Published: October 30, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2003-1194

Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 allows remote attackers to inject arbitrary web script or HTML via the error message.

Published: October 30, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1197

Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.com LedForums Beta 1 allows remote attackers to inject arbitrary web script or HTML via the (1) top_message parameter or (2) topic field of a new thread.

Published: October 30, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2003-1186

Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.

Published: October 29, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2003-1189

Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.

Published: October 29, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-1191

chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.

Published: October 29, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2003-1151

Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.

Published: October 28, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2003-1183

The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.

Published: October 28, 2003; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 4.6 MEDIUM