Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-1439 | Buffer Overflow vulnerability in Sapporoworks Black Jumbodog 3.6.1 Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD. | 7.5 |
2004-12-31 | CVE-2004-1437 | Remote Digest Authentication Buffer Overflow vulnerability in Pavuk 0.928R1/0.928R2/0.9Pl28I Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code. | 7.5 |
2004-12-31 | CVE-2004-1436 | Multiple vulnerability in Cisco ONS The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters. | 7.5 |
2004-12-31 | CVE-2004-1430 | Remote SQL Injection vulnerability in Ipbproarcade 2.5 SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter. | 7.5 |
2004-12-31 | CVE-2004-1429 | Remote Security vulnerability in FTP Server ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack. | 7.5 |
2004-12-31 | CVE-2004-1427 | Remote File Include vulnerability in Korweblog 1.6.1/1.6.2Cvs PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. | 7.5 |
2004-12-31 | CVE-2004-1423 | Code Injection vulnerability in PHP-Calendar Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php. | 7.5 |
2004-12-31 | CVE-2004-1421 | Remote vulnerability in WHM Autopilot 2.4.5/2.4.6/2.4.6.5 Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2004-12-31 | CVE-2004-1408 | Remote vulnerability in Singapore Image Gallery The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. | 7.5 |
2004-12-31 | CVE-2004-1406 | Remote SQL Injection vulnerability in Ikonboard SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter. | 7.5 |