Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-11-23 | CVE-2004-0346 | Off-by-one Error vulnerability in Proftpd 1.2.7/1.2.8/1.2.9 Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | 7.8 |
2004-11-23 | CVE-2004-0340 | Unspecified vulnerability in Texas Imperial Software Wftpd Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. | 7.2 |
2004-11-23 | CVE-2004-0328 | Authentication Bypass vulnerability in Gigabyte Gn-B46B 1.003.00 Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system. | 7.2 |
2004-11-23 | CVE-2004-0279 | Unspecified vulnerability in AIM Sniff AIM Sniff AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log. | 7.2 |
2004-11-23 | CVE-2004-0274 | Unspecified vulnerability in Eggheads Eggdrop IRC BOT Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities. | 7.5 |
2004-11-23 | CVE-2004-0272 | Input Validation vulnerability in Maxwebportal 1.30/1.31 SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages. | 7.5 |
2004-11-23 | CVE-2004-0258 | Buffer Overrun vulnerability in Multiple RealPlayer/RealOne Player Supported File Type Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. | 7.6 |
2004-11-23 | CVE-2004-0238 | Local Buffer Overflow vulnerability in 0Verkill 0.16 Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function. | 7.2 |
2004-11-23 | CVE-2004-0079 | NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
2004-11-12 | CVE-2004-1315 | Unspecified vulnerability in PHPbb Group PHPbb viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | 7.5 |