LiveActive security incident?Get immediate response
CVE archive

May 2003

Browse CVE records published in May 2003, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 210 matching CVEs · Page 2 of 5.

Unknown · CVSS Not scored

CVE-2003-1204: Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remo...

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php.

Published May 19, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1148: Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpM...

Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.

Published May 10, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1133: Rit Research Labs The Bat!

Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.

Published May 10, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2003-1041: Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified director...

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.

Published May 20, 2004 · Updated Aug 8, 2024