Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2004-12-31 | CVE-2004-1405 | Remote Arbitrary Script Upload vulnerability in MediaWiki | 7.5
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
network | low complexity | mediawiki

2004-12-31 | CVE-2004-1404 | Remote vulnerability in Opentools Attachment Mod | 7.5
Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
network | low complexity | opentools

2004-12-31 | CVE-2004-1403 | Remote File Include vulnerability in SIR GNUBoard | 7.5
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
network | low complexity | sir

2004-12-31 | CVE-2004-1401 | Remote SQL Injection vulnerability in ASP-Rider | 7.5
SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter.
network | low complexity | asp-rider

2004-12-31 | CVE-2004-1400 | Unspecified vulnerability in Active Server Corner ASP Calendar 1.0 | 7.5
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
network | low complexity | active-server-corner

2004-12-31 | CVE-2004-1386 | Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1 | 7.5
TikiWiki before 1.8.4.1 does not properly verify uploaded images, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2005-0200.
network | low complexity | tiki | CWE-20

2004-12-31 | CVE-2004-1383 | Cross-Site Scripting and SQL Injection vulnerability in PHPGroupWare | 7.5
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_id parameters to index.php or (5) ticket_id to viewticket_details.php.
network | low complexity | phpgroupware

2004-12-31 | CVE-2004-1332 | Buffer Overflow vulnerability in HP HP-UX FTP Server Debug Logging Mode | 7.5
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
network | low complexity | hp

2004-12-31 | CVE-2004-1330 | Local Buffer Overflow vulnerability in IBM AIX PAGINIT | 7.2
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.
local | low complexity | ibm

2004-12-31 | CVE-2004-1328 | Newgrp Local Privilege Escalation vulnerability in HP Hp-Ux 11.00/11.11/11.4 | 7.2
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
local | low complexity | hp