Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-04-19 | CVE-2004-1938 | SQL Injection vulnerability in Phorum Phorum_URIAuth: SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | 7.5 |
2004-04-15 | CVE-2004-1934 | Remote File Include Command Injection vulnerability in Isesam Gemitel 3.50: PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | 7.5 |
2004-04-15 | CVE-2004-0364 | Remote Command Execution vulnerability in Symantec Norton Internet Security 2004: The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. | 7.5 |
2004-04-15 | CVE-2004-0363 | Buffer Overrun vulnerability in Symantec Norton Antispam 2004: Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method. | 7.5 |
2004-04-15 | CVE-2004-0362 | Buffer Overflow vulnerability in Internet Security Systems Protocol Analysis Module ICQ Parsing: Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm. | 7.5 |
2004-04-15 | CVE-2004-0224 | Remote Buffer Overflow vulnerability in Courier: Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | 7.5 |
2004-04-15 | CVE-2004-0217 | Link Following vulnerability in Symantec Antivirus Scan Engine 4.0/4.3: The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | 7.0 |
2004-04-15 | CVE-2004-0153 | Remote Security vulnerability in Emil 2.0.4/2.0.5/2.1.0Beta9: Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages. | 7.5 |
2004-04-15 | CVE-2004-0152 | Remote Security vulnerability in Emil 2.0.4/2.0.5/2.1.0Beta9: Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, or (3) the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames. | 7.5 |
2004-04-15 | CVE-2004-0151 | Privilege Escalation vulnerability in Xintercepttalk Xitalk 1.1.11: Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands. | 7.2 |