CVE-2003-1456 – Mike Bobbitt Album.PL 0.61 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2003-1456
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors. • https://www.exploit-db.com/exploits/22545 http://perl.bobbitt.ca/yabbse/index.php?board=2%3Baction=display%3Bthreadid=720 http://securityreason.com/securityalert/3270 http://www.securityfocus.com/archive/1/319763 http://www.securityfocus.com/bid/7444 https://exchange.xforce.ibmcloud.com/vulnerabilities/11878 • CWE-20: Improper Input Validation •
CVE-2003-1454
https://notcve.org/view.php?id=CVE-2003-1454
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access. • http://securityreason.com/securityalert/3276 http://www.securityfocus.com/archive/1/319747 http://www.securityfocus.com/bid/7440 https://exchange.xforce.ibmcloud.com/vulnerabilities/11871 •
CVE-2003-1423
https://notcve.org/view.php?id=CVE-2003-1423
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords. • http://securitytracker.com/id?1006117 https://exchange.xforce.ibmcloud.com/vulnerabilities/11358 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2003-1467
https://notcve.org/view.php?id=CVE-2003-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7572 http://www.securityfocus.com/bid/7573 http://www.securityfocus.com/bid/7576 http://www.securityfocus.com/bid/7577 http://www.securityfocus.com/bid/7584 https://exchange.xforce.ibmcloud.com/vulnerabilities/12487 https://exchange.xforce.ibmcloud.com/vulnerabilities/12502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2003-1372 – myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-1372
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters. • https://www.exploit-db.com/exploits/22268 http://archives.neohapsis.com/archives/bugtraq/2003-02/0231.html http://secunia.com/advisories/8125 http://www.osvdb.org/3931 http://www.securityfocus.com/bid/6892 https://exchange.xforce.ibmcloud.com/vulnerabilities/11376 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •