Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1365 1 Perl 1 Cgi Lite 2017-07-28 5.0 MEDIUM N/A
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (backslash), (2) "?", (3) "~" (tilde), (4) "^" (carat), (5) newline, or (6) carriage return, which could allow remote attackers to read or write arbitrary files, or execute arbitrary commands, in shell scripts that rely on CGI::Lite to filter such dangerous inputs.
CVE-2003-1366 1 Openbsd 1 Openbsd 2017-07-28 3.3 LOW N/A
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
CVE-2003-1367 1 Great Circle Associates 1 Majordomo 2017-07-28 7.8 HIGH N/A
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
CVE-2003-1368 1 Electrasoft 1 Ftp Client 2017-07-28 6.4 MEDIUM N/A
Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
CVE-2003-1369 1 Save It Software Pty 1 Bytecatcherftp 2017-07-28 6.8 MEDIUM N/A
Buffer overflow in ByteCatcher FTP client 1.04b allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP server banner.
CVE-2003-1370 1 Nuked-klan 1 Nuked-klan 2017-07-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
CVE-2003-1371 1 Nuked-klan 1 Nuked-klan 2017-07-28 4.3 MEDIUM N/A
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
CVE-2003-1372 4 Linux, Microsoft, Myphpnuke and 1 more 4 Linux Kernel, All Windows, Myphpnuke and 1 more 2017-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
CVE-2003-1373 1 Phpbb Group 1 Phpbb 2017-07-28 6.8 MEDIUM N/A
Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through 1.4.4 allows remote attackers to read and include arbitrary files via .. (dot dot) sequences followed by NULL (%00) characters in CGI parameters, as demonstrated using the lang parameter in prefs.php.
CVE-2003-1374 1 Hp 1 Hp-ux 2017-07-28 4.6 MEDIUM N/A
Buffer overflow in disable of HP-UX 11.0 may allow local users to execute arbitrary code via a long argument to the (1) -r or (2)-c options.
CVE-2003-1376 1 Winzip 1 Winzip 2017-07-28 4.6 MEDIUM N/A
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
CVE-2003-1377 1 Sircd 1 Sircd 2017-07-28 8.3 HIGH N/A
Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) 0.4.0 and 0.4.4 allows remote attackers to execute arbitrary code via a client with a long hostname.
CVE-2003-1378 1 Microsoft 2 Outlook, Outlook Express 2017-07-28 8.8 HIGH N/A
Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
CVE-2003-1379 1 Point Clark Networks 1 Clarkconnect 2017-07-28 5.0 MEDIUM N/A
clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obtain sensitive information about the server via the characters (1) A, which reveals the date and time, (2) F, (3) M, which reveals 'ifconfig' information, (4) P, which lists the processes, (5) Y, which reveals the snort log files, or (6) b, which reveals /var/log/messages.
CVE-2003-1380 1 Bisonftp 1 Bisonftp Server 4 2017-07-28 7.5 HIGH N/A
Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a "mget @../FILE" command.
CVE-2003-1381 1 Amxmod.net 1 Amx Mod 2017-07-28 6.8 MEDIUM N/A
Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.
CVE-2003-1382 1 Instantservers Inc. 1 Ismail 2017-07-28 7.5 HIGH N/A
Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields.
CVE-2003-1383 1 Logicworks 1 Web Erp 2017-07-28 7.5 HIGH N/A
WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive information via an HTTP request for the logicworks.ini file, which contains the MySQL database username and password.
CVE-2003-1384 1 Py Software 1 Py-livredor 2017-07-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields.
CVE-2003-1385 1 Invision Power Services 1 Invision Power Board 2017-07-28 6.8 MEDIUM N/A
ipchat.php in Invision Power Board 1.1.1 allows remote attackers to execute arbitrary PHP code, if register_globals is enabled, by modifying the root_path parameter to reference a URL on a remote web server that contains the code.