Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2347 | Remote Command Execution vulnerability in Leif M. Wright web Blog 1.1/1.1.5 blog.cgi in Leif M. | 7.5 |
| 2004-12-31 | CVE-2004-2341 | Remote Security vulnerability in iSearch PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter. | 7.5 |
| 2004-12-31 | CVE-2004-2340 | Remote SQL Injection vulnerability in PunkBuster Database ** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. | 7.5 |
| 2004-12-31 | CVE-2004-2338 | Unspecified vulnerability in Openbsd 3.3/3.4 OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. | 7.5 |
| 2004-12-31 | CVE-2004-2335 | Local Privilege Escalation vulnerability in Macromedia Contribute and Studio The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. | 7.2 |
| 2004-12-31 | CVE-2004-2329 | Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5 Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | 7.2 |
| 2004-12-31 | CVE-2004-2326 | SQL Injection vulnerability in IP3 Networks products SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. | 7.5 |
| 2004-12-31 | CVE-2004-2324 | Multiple vulnerability in DotNetNuke SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | 7.5 |
| 2004-12-31 | CVE-2004-2322 | SQL-Injection vulnerability in Phpwebsite SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. | 7.5 |
| 2004-12-31 | CVE-2004-2314 | Remote Security vulnerability in Novell Ichain 2.1/2.2 The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | 7.5 |