Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1517 | Unspecified vulnerability in Zonelabs Imsecure 1.0.0.0/1.0.1.0/1.0.2.0 Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions. | 7.5 |
| 2004-12-31 | CVE-2004-1515 | SQL-Injection vulnerability in vBulletin SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | 7.5 |
| 2004-12-31 | CVE-2004-1510 | Remote vulnerability in WebCalendar WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php. | 7.5 |
| 2004-12-31 | CVE-2004-1508 | Remote vulnerability in WebCalendar init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1505 | Directory Traversal vulnerability in Salims Softhouse JAF CMS 3.0 Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. | 7.5 |
| 2004-12-31 | CVE-2004-1498 | Input Validation vulnerability in WebHost Automation Helm Control Panel SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1485 | Remote Buffer Overflow vulnerability in InetUtils TFTP Client Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function. | 7.5 |
| 2004-12-31 | CVE-2004-1482 | Buffer Overflow vulnerability in BNC sbuf_getmsg() The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts. | 7.5 |
| 2004-12-31 | CVE-2004-1480 | Access Restriction Bypass vulnerability in HP StorageWorks Command View XP Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions. | 7.5 |
| 2004-12-31 | CVE-2004-1478 | Remote vulnerability in Macromedia JRun JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |