Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2004-04-11 | CVE-2004-1926 | Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1 | Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | network, low complexity, tiki, CWE-94, 7.5 |
| 2004-04-10 | CVE-2004-1921 | Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware | X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. | network, low complexity, x-micro, 7.5 |
| 2004-04-10 | CVE-2004-1920 | Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware | X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. | network, low complexity, x-micro, 7.5 |
| 2004-04-08 | CVE-2004-1917 | Remote vulnerability in LCDproc LCDd | Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. | network, low complexity, lcdproc, 7.5 |
| 2004-04-08 | CVE-2004-1916 | Remote vulnerability in LCDproc LCDd | Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allow remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function. | network, low complexity, lcdproc, 7.5 |
| 2004-04-08 | CVE-2004-1915 | Remote vulnerability in LCDproc LCDd | Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments. | network, low complexity, lcdproc, 7.5 |
| 2004-03-29 | CVE-2004-1870 | Input Validation vulnerability in All Enthusiast Photopost PHP Pro | Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php. | network, low complexity, photopost, 7.5 |
| 2004-03-29 | CVE-2004-0194 | Buffer Overflow vulnerability in Adobe Acrobat Reader 5.1 | Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. | network, low complexity, adobe, 7.5 |
| 2004-03-29 | CVE-2004-0160 | Unspecified vulnerability in Synaesthesia | Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. | local, low complexity, synaesthesia, 7.2 |
| 2004-03-29 | CVE-2003-1018 | Local Format String vulnerability in IBM AIX 4.3.3/5.1/5.2 | Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors. | local, low complexity, ibm, 7.2 |