Microsoft: >> All Windows Security Vulnerabilities
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
CVSS Score
5.0
EPSS Score
0.024
Published
2003-12-31
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
CVSS Score
5.0
EPSS Score
0.003
Published
2003-12-31
Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.
CVSS Score
5.0
EPSS Score
0.043
Published
2003-12-31
Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arbitrary files via an absolute path in the Name parameter.
CVSS Score
3.5
EPSS Score
0.039
Published
2003-12-31
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2003-12-31
Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.
CVSS Score
5.0
EPSS Score
0.068
Published
2003-12-31
MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause a denial of service (CPU consumption) via a PowerPoint attachment that either (1) is corrupt or (2) contains "embedded objects."
CVSS Score
7.8
EPSS Score
0.006
Published
2003-12-31
Page 3