Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2004-03-24 | CVE-2004-1854 | Remote Buffer Overflow vulnerability in Picophone Internet Telephone 1.63 | Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet. | 7.5 |
2004-03-24 | CVE-2004-1851 | Weak Random Key Generation vulnerability in Dameware Development Mini Remote Control Server 4.1.0.0 | Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing. | 7.5 |
2004-03-20 | CVE-2004-1847 | Multiple vulnerability in Expinion.net News Manager Lite | News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | 7.5 |
2004-03-20 | CVE-2004-1846 | Multiple vulnerability in Expinion.Net News Manager Lite 2.5 | Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. | 7.5 |
2004-03-20 | CVE-2004-1843 | SQL Injection vulnerability in Expinion.net Member Management System ID Parameter | SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp. | 7.5 |
2004-03-20 | CVE-2004-1833 | Privilege Escalation vulnerability in Borland Interbase Database User | The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. | 7.5 |
2004-03-16 | CVE-2004-1826 | SQL Injection vulnerability in Mambo Open Source | SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2004-03-15 | CVE-2004-1821 | Multiple vulnerability in Warpspeed 4Nalbum Module 0.92 | SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter. | 7.5 |
2004-03-15 | CVE-2004-1820 | Multiple vulnerability in Warpspeed 4Nalbum Module 0.92 | PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. | 7.5 |
2004-03-15 | CVE-2004-0193 | Heap Overflow vulnerability in Internet Security Systems Protocol Analysis Module SMB Parsing | Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. | 7.5 |