Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-01-10 | CVE-2004-1054 | Unspecified vulnerability in IBM AIX | Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. | 7.2 |
2005-01-10 | CVE-2004-1028 | Unspecified vulnerability in IBM AIX | Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | 7.2 |
2005-01-10 | CVE-2004-0894 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP | LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | 7.2 |
2005-01-10 | CVE-2004-0893 | Unspecified vulnerability in Microsoft products | The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | 7.2 |
2005-01-04 | CVE-2005-0280 | Remote vulnerability in Jowood Productions Soldner Secret Wars 30830 | Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message. | 7.5 |
2005-01-03 | CVE-2005-0271 | SQL-Injection vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5 | Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php. | 7.5 |
2005-01-03 | CVE-2005-0268 | Unspecified vulnerability in Flatnuke 2.5.1 | Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | 7.5 |
2004-12-31 | CVE-2004-2758 | Denial-Of-Service vulnerability in Sunforum 3.2/3D1.0 | Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 7.5 |
2004-12-31 | CVE-2004-2754 | SQL Injection vulnerability in Yabb SE | SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | 7.5 |
2004-12-31 | CVE-2004-2746 | SQL Injection vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0 | SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 |