Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2668 | SQL-Injection vulnerability in Interchange SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2004-12-31 | CVE-2004-2663 | Unspecified vulnerability in IBM Egatherer 2.0.0.16 The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder. | 7.5 |
| 2004-12-31 | CVE-2004-2653 | Remote Security vulnerability in Megabbs 2.0/2.1 Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp. | 7.5 |
| 2004-12-31 | CVE-2004-2652 | Remote Denial Of Service vulnerability in Snort DecodeTCPOptions The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference. | 7.8 |
| 2004-12-31 | CVE-2004-2639 | Remote Security vulnerability in Journalness Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors. | 7.5 |
| 2004-12-31 | CVE-2004-2638 | Unspecified vulnerability in Oscommerce 1.5.1 The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value. | 7.5 |
| 2004-12-31 | CVE-2004-2635 | Information Disclosure vulnerability in Mcafee Security Installer Control System 4.0.0.81 An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method. | 7.5 |
| 2004-12-31 | CVE-2004-2632 | Input Validation vulnerability in phpMyAdmin phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | 7.5 |
| 2004-12-31 | CVE-2004-2631 | Input Validation vulnerability in phpMyAdmin Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | 7.5 |
| 2004-12-31 | CVE-2004-2630 | Remote Command Execution vulnerability in phpMyAdmin The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | 7.5 |