Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2004-04-26 | CVE-2004-1972 | Video Gallery Module SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.2 | SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. | network, low complexity, francisco-burzi, 7.5 |
| 2004-04-26 | CVE-2004-1970 | Authentication Bypass vulnerability in Samsung SmartEther Switch Firmware | Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. | network, low complexity, securecomputing, 7.5 |
| 2004-04-26 | CVE-2004-1078 | Unspecified vulnerability in Citrix Metaframe Client and Program Neighborhood Agent | Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. | network, low complexity, citrix, 7.5 |
| 2004-04-25 | CVE-2004-1969 | | The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. | network, low complexity, openbb, 7.5 |
| 2004-04-25 | CVE-2004-1967 | Cross-Site Request Forgery (CSRF) vulnerability in Openbb 1.0.6 | Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | network, low complexity, openbb, CWE-352, 8.8 |
| 2004-04-23 | CVE-2004-1961 | Unspecified vulnerability in Protector System Protector System 1.15B1 | blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27"). | network, low complexity, protector-system, 7.5 |
| 2004-04-23 | CVE-2004-1952 | SQL Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.2 | SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. | network, low complexity, advanced-guestbook, 7.5 |
| 2004-04-20 | CVE-2004-1945 | Remote Buffer Overflow vulnerability in Kinesphere Corporation Exchange Pop3 4.0/5.0 | Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field. | network, low complexity, kinesphere-corporation, 7.5 |
| 2004-04-19 | CVE-2004-1943 | Remote File Include vulnerability in PHPBB album_portal.php | PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | network, low complexity, phpbb-group, 7.5 |
| 2004-04-19 | CVE-2004-1942 | Information Disclosure vulnerability in Sun Solaris Patch | The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | network, low complexity, sun, 7.5 |