|
347691
|
- |
|
francisco_burzi
|
php-nuke
|
Cross-site scripting (XSS) vulnerability in the Your_Account module for PHP-Nuke 5.0 through 6.0 allows remote attackers to inject arbitrary web script or HTML via the user_avatar parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2003-1400
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347692
|
- |
|
php_board
|
php_board
|
login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via …
|
CWE-255
Credentials Management
|
CVE-2003-1401
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347693
|
- |
|
kietu
|
kietu
|
PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.
|
CWE-20
Improper Input Validation
|
CVE-2003-1402
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347694
|
- |
|
dotbr
|
botbr
|
foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
|
CWE-20
Improper Input Validation
|
CVE-2003-1403
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347695
|
- |
|
dotbr
|
botbr
|
DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords.
|
CWE-200
Information Exposure
|
CVE-2003-1404
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347696
|
- |
|
dotbr
|
botbr
|
DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3.
|
CWE-20
Improper Input Validation
|
CVE-2003-1405
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347697
|
- |
|
adalis_infomatique
|
d_forum
|
PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer par…
|
CWE-94
Code Injection
|
CVE-2003-1406
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347698
|
- |
|
microsoft
|
windows_nt
|
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2003-1407
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347699
|
- |
|
lotus
|
domino_server
|
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
|
CWE-200
Information Exposure
|
CVE-2003-1408
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347700
|
- |
|
ej3
|
topo
|
TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in th…
|
CWE-200
Information Exposure
|
CVE-2003-1409
|
2017-07-29 10:29 |
2003-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
