Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2737 | SQL Injection vulnerability in NetSupport DNA HelpDesk 1.01: SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. | 7.5 |
2004-12-31 | CVE-2004-2724 | Improper Authentication vulnerability in Lionmax Software Chat Anywhere 2.72A: LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | 7.1 |
2004-12-31 | CVE-2004-2716 | SQL Injection vulnerability in PHP Heaven PHPMyChat 0.14.5: Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck, and (6) R parameters. | 7.5 |
2004-12-31 | CVE-2004-2715 | Improper Authentication vulnerability in PHP Heaven PHPMyChat 0.14.5: edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | 7.5 |
2004-12-31 | CVE-2004-2711 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced: Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval." | 7.5 |
2004-12-31 | CVE-2004-2710 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced: Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name. | 7.5 |
2004-12-31 | CVE-2004-2709 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Phrozensmoke Gyach Enhanced: Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags. | 7.5 |
2004-12-31 | CVE-2004-2707 | Undisclosed vulnerability in Gyach Enhanced: Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses. | 7.5 |
2004-12-31 | CVE-2004-2695 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. | 7.5 |
2004-12-31 | CVE-2004-2693 | Permissions, Privileges, and Access Controls vulnerability in HP HP-UX 11.00/11.04/11.11: HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | 7.2 |