CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2003-1423
https://notcve.org/view.php?id=CVE-2003-1423
31 Dec 2003 — Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. • http://securitytracker.com/id?1006117 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 1CVE-2003-1430 – Epic Games Unreal Engine 436 - URL Directory Traversal
https://notcve.org/view.php?id=CVE-2003-1430
31 Dec 2003 — Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL. • https://www.exploit-db.com/exploits/22224 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1454
https://notcve.org/view.php?id=CVE-2003-1454
31 Dec 2003 — Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 •
CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 1CVE-2003-1456 – Mike Bobbitt Album.PL 0.61 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2003-1456
31 Dec 2003 — Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. • https://www.exploit-db.com/exploits/22545 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 2CVE-2003-1463 – Alt-N WebAdmin 2.0.x - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2003-1463
31 Dec 2003 — Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. • https://www.exploit-db.com/exploits/22542 • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
31 Dec 2003 — Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 3CVE-2003-1472 – 3D-FTP Client 4.0 - Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1472
31 Dec 2003 — Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner. • https://www.exploit-db.com/exploits/22551 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1477
https://notcve.org/view.php?id=CVE-2003-1477
31 Dec 2003 — MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects." • http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •