Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-08-06 | CVE-2004-0125 | Unspecified vulnerability in Freebsd The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. | 7.2 |
2004-08-05 | CVE-2004-0641 | Unspecified vulnerability in Thomson Speedtouch 510Adslrouter Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | 7.5 |
2004-08-04 | CVE-2004-1370 | Multiple Unspecified vulnerability in Oracle Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT. | 7.5 |
2004-08-04 | CVE-2004-1368 | Multiple Unspecified vulnerability in Oracle ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script. | 7.8 |
2004-08-04 | CVE-2004-1364 | Path Traversal vulnerability in Oracle products Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory. | 8.5 |
2004-08-04 | CVE-2004-1362 | Multiple Unspecified vulnerability in Oracle The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | 7.5 |
2004-08-02 | CVE-2004-1706 | Denial Of Service vulnerability in U.S.Robotics Usr808054 1.21H The U.S. | 7.5 |
2004-07-30 | CVE-2004-1707 | Privilege Escalation vulnerability in Oracle Database Default Library Directory The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | 7.2 |
2004-07-30 | CVE-2004-1704 | Remote Security vulnerability in Wpquiz WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. | 7.5 |
2004-07-30 | CVE-2004-1703 | Cross-Site Request Forgery (CSRF) vulnerability in Fusionphp Fusion News 3.6.1 Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag. | 8.8 |