Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-07-29 | CVE-2004-2067 | SQL Injection vulnerability in Jaws 0.2/0.3/0.4 SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. | 7.5 |
2004-07-29 | CVE-2004-2066 | SQL Injection vulnerability in LinPHA Session Cookie SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies. | 7.5 |
2004-07-27 | CVE-2004-0739 | Denial-Of-Service vulnerability in Snapfiles Whisper FTP Surfer 1.0.7 Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename. | 7.5 |
2004-07-27 | CVE-2004-0738 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | 7.5 |
2004-07-27 | CVE-2004-0737 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 8.0Final Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. | 7.5 |
2004-07-27 | CVE-2004-0735 | Remote Buffer Overflow vulnerability in Medal Of Honor Allied Assault Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors. | 7.5 |
2004-07-27 | CVE-2004-0734 | Remote Command Execution vulnerability in Extropia Webstore 1.0/2.0 Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | 7.5 |
2004-07-27 | CVE-2004-0733 | Unspecified vulnerability in Ollydbg Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call. | 7.5 |
2004-07-27 | CVE-2004-0732 | SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 8.0Final SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | 7.5 |
2004-07-27 | CVE-2004-0727 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2800.1106 Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability." | 7.5 |