Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1892 | Remote Buffer Overflow vulnerability in Emule 0.42D Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. | 7.5 |
| 2004-12-31 | CVE-2004-1888 | Remote Arbitrary Command Execution vulnerability in Aborior Encore Web Forum display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable. | 7.5 |
| 2004-12-31 | CVE-2004-1881 | SQL Injection vulnerability in Cactusoft Cactushop 5.0/5.1 SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1842 | Cross-Site Request Forgery (CSRF) vulnerability in PHPnuke PHP-Nuke Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. | 8.8 |
| 2004-12-31 | CVE-2004-1841 | SQL Injection vulnerability in MS Analysis Website Traffic Analyzer 2.0 SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. | 7.5 |
| 2004-12-31 | CVE-2004-1836 | SQL Injection vulnerability in Invision Power Services Invision Power TOP Site List 1.0/1.1/1.1Rc2 SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. | 7.5 |
| 2004-12-31 | CVE-2004-1835 | SQL Injection vulnerability in Invision Power Services Invision Gallery 1.0.1 Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters. | 7.5 |
| 2004-12-31 | CVE-2004-1813 | Remote Authentication Bypass vulnerability in Vocaltec Vgw4 8 Telephony Gateway 8.0 VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/). | 7.5 |
| 2004-12-31 | CVE-2004-1811 | Unspecified vulnerability in HP SSL Http Server 5.0/5.92 The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates. | 7.5 |
| 2004-12-31 | CVE-2004-1806 | SQL Injection vulnerability in Dogpatch Software Cfwebstore 5.0 SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters. | 7.5 |