Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-04-12 CVE-2004-1928 Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
network
low complexity
tiki CWE-20
7.5
2004-04-12 CVE-2004-1925 SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
network
low complexity
tiki CWE-89
7.5
2004-04-11 CVE-2004-1926 Code Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1/1.8.1
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
network
low complexity
tiki CWE-94
7.5
2004-04-10 CVE-2004-1921 Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access.
network
low complexity
x-micro
7.5
2004-04-10 CVE-2004-1920 Unspecified vulnerability in X-Micro Wlan 11B Broadband Router Firmware
X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access.
network
low complexity
x-micro
7.5
2004-04-08 CVE-2004-1917 Remote vulnerability in LCDproc LCDd
Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.
network
low complexity
lcdproc
7.5
2004-04-08 CVE-2004-1916 Remote vulnerability in LCDproc LCDd
Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allow remote attackers to execute arbitrary code via (1) a long invalid command to the parse_all_client_messages function, or (2) a long argv command to the test_func_func function.
network
low complexity
lcdproc
7.5
2004-04-08 CVE-2004-1915 Remote vulnerability in LCDproc LCDd
Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments.
network
low complexity
lcdproc
7.5
2004-03-29 CVE-2004-1870 Input Validation vulnerability in All Enthusiast Photopost PHP Pro
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
network
low complexity
photopost
7.5
2004-03-29 CVE-2004-0194 Buffer Overflow vulnerability in Adobe Acrobat Reader 5.1
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
network
low complexity
adobe
7.5