CVSS: 9.8EPSS: 4%CPEs: 4EXPL: 1CVE-2003-1456 – Mike Bobbitt Album.PL 0.61 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2003-1456
31 Dec 2003 — Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. • https://www.exploit-db.com/exploits/22545 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2003-1330
https://notcve.org/view.php?id=CVE-2003-1330
31 Dec 2003 — Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on strip unsuccessful" hooks, which allows remote attackers to bypass e-mail attachment filtering policies via an attachment that MAILsweeper can detect but not remove. • http://www.mimesweeper.com/download/bin/Patches/MAILsweeper_Patches_301_ReadMe.htm •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1454
https://notcve.org/view.php?id=CVE-2003-1454
31 Dec 2003 — Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1477
https://notcve.org/view.php?id=CVE-2003-1477
31 Dec 2003 — MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects." • http://www.clearswift.com/download/bin/Patches/ReadMe_SMTP_438.htm • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 4%CPEs: 4EXPL: 2CVE-2003-1463 – Alt-N WebAdmin 2.0.x - Remote File Disclosure
https://notcve.org/view.php?id=CVE-2003-1463
31 Dec 2003 — Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter. • https://www.exploit-db.com/exploits/22542 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2003-1423
https://notcve.org/view.php?id=CVE-2003-1423
31 Dec 2003 — Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. • http://securitytracker.com/id?1006117 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
31 Dec 2003 — Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 3CVE-2003-1472 – 3D-FTP Client 4.0 - Buffer Overflow
https://notcve.org/view.php?id=CVE-2003-1472
31 Dec 2003 — Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner. • https://www.exploit-db.com/exploits/22551 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •