Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-08-20 | CVE-2004-1732 | SQL Injection Vulnerability And Directory Traversal vulnerability in Mydms 1.4/1.4.1 SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter. | 7.5 |
| 2004-08-20 | CVE-2004-1728 | Remote Buffer Overflow vulnerability in British National Corpus SARA Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string. | 7.5 |
| 2004-08-20 | CVE-2004-1726 | Buffer Overflow and Integer Handling vulnerability in John Bradley XV 3.10A Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. | 7.5 |
| 2004-08-18 | CVE-2004-1724 | Information Disclosure vulnerability in PHP Fusion PHP Fusion 4.0 The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password. | 7.5 |
| 2004-08-18 | CVE-2004-0779 | Remote Security vulnerability in Firebird The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. | 7.5 |
| 2004-08-18 | CVE-2004-0765 | Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates. | 7.5 |
| 2004-08-18 | CVE-2004-0518 | Remote Security vulnerability in Apple Mac OS X Server Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. | 7.5 |
| 2004-08-18 | CVE-2004-0514 | Security vulnerability in Apple Mac OS X Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." | 7.2 |
| 2004-08-18 | CVE-2004-0490 | Local Privilege Escalation vulnerability in cPanel cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. | 7.2 |
| 2004-08-18 | CVE-2004-0432 | ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. | 7.5 |