Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2012 | Privilege Escalation vulnerability in NetBSD/FreeBSD Port Systrace Exit Routine Access Validation. The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges. | 7.2 |
2004-12-31 | CVE-2004-2010 | Remote PHP Script Execution vulnerability in PHPShop. PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg. | 7.5 |
2004-12-31 | CVE-2004-1966 | Input Validation vulnerability in OpenBB. Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. | 7.5 |
2004-12-31 | CVE-2004-1962 | Unspecified vulnerability in Protector System Protector System 1.15B1. SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. | 7.5 |
2004-12-31 | CVE-2004-1955 | Multiple vulnerability in PHProfession 2.5. SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. | 7.5 |
2004-12-31 | CVE-2004-1949 | Module SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.726. SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. | 7.5 |
2004-12-31 | CVE-2004-1914 | Multiple vulnerability in NukeCalendar. SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | 7.5 |
2004-12-31 | CVE-2004-1904 | Remote Heap Overflow vulnerability in Panda Activescan 5.0. Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string. | 7.5 |
2004-12-31 | CVE-2004-1900 | Remote Format String vulnerability in Pan Vision IGI-2 Covert Strike. Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. | 7.5 |
2004-12-31 | CVE-2004-1896 | Heap Overflow vulnerability in NullSoft Winamp in_mod.dll Plug-in. Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | 7.6 |