Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-03-20 | CVE-2004-1847 | Multiple vulnerabilities in Expinion.net News Manager Lite: News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | 7.5 |
2004-03-20 | CVE-2004-1846 | Multiple vulnerabilities in Expinion.net News Manager Lite 2.5: Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. | 7.5 |
2004-03-20 | CVE-2004-1843 | SQL Injection vulnerability in Expinion.net Member Management System ID Parameter: SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp. | 7.5 |
2004-03-20 | CVE-2004-1833 | Privilege Escalation vulnerability in Borland Interbase Database User: The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. | 7.5 |
2004-03-16 | CVE-2004-1826 | SQL Injection vulnerability in Mambo Open Source: SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2004-03-15 | CVE-2004-1821 | Multiple vulnerabilities in Warpspeed 4Nalbum Module 0.92: SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter. | 7.5 |
2004-03-15 | CVE-2004-1820 | Multiple vulnerabilities in Warpspeed 4Nalbum Module 0.92: PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. | 7.5 |
2004-03-15 | CVE-2004-0193 | Heap Overflow vulnerability in Internet Security Systems Protocol Analysis Module SMB Parsing: Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. | 7.5 |
2004-03-15 | CVE-2004-0190 | Unspecified vulnerability in Symantec products: Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. | 7.5 |
2004-03-15 | CVE-2004-0189 | Unspecified vulnerability in Squid: The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. | 7.5 |