Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2145 | SQL-Injection vulnerability in Megabbs 2/2.1: SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4) teamid parameter to view-profile.asp. | 7.5 |
2004-12-31 | CVE-2004-2143 | SQL Injection vulnerability in ReMOSitory: SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. | 7.5 |
2004-12-31 | CVE-2004-2111 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server: Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename. | 8.5 |
2004-12-31 | CVE-2004-2110 | SQL-Injection vulnerability in Phorum: SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | 7.5 |
2004-12-31 | CVE-2004-2108 | SQL Injection vulnerability in QuadComm Q-Shop: Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp. | 7.5 |
2004-12-31 | CVE-2004-2107 | Unspecified vulnerability in Finjan Software Surfingate: Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. | 7.5 |
2004-12-31 | CVE-2004-2071 | Authentication Bypass vulnerability in Macallan Mail Solution 2.8.4.6Build260: Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name. | 7.5 |
2004-12-31 | CVE-2004-2070 | The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590. | 7.2 |
2004-12-31 | CVE-2004-2065 | Unspecified vulnerability in Daniel Barron Dansguardian: DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . | 7.5 |
2004-12-31 | CVE-2004-2062 | Input Validation vulnerability in AntiBoard: SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters. | 7.5 |