Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2695 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. | 7.5 |
2004-12-31 | CVE-2004-2693 | Permissions, Privileges, and Access Controls vulnerability in HP Hp-Ux 11.00/11.04/11.11: HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | 7.2 |
2004-12-31 | CVE-2004-2691 | Denial-Of-Service vulnerability in 3Com 3C17205-Us, 3C17210-Us and Superstack 3 Switch: Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. | 7.1 |
2004-12-31 | CVE-2004-2690 | File-Upload vulnerability in newsPHP: Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files. | 8.5 |
2004-12-31 | CVE-2004-2686 | Path Traversal vulnerability in SUN Solaris and Sunos: Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. | 7.2 |
2004-12-31 | CVE-2004-2685 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Youngzsoft Ccproxy: Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416. | 7.5 |
2004-12-31 | CVE-2004-2681 | Cross-Site Scripting vulnerability in MatrixSSL: PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session. | 7.5 |
2004-12-31 | CVE-2004-2679 | Information Disclosure vulnerability in Checkpoint Firewall-1 4.0/4.1/R55: Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information. | 7.8 |
2004-12-31 | CVE-2004-2677 | Remote Format String vulnerability in Qwikmail Smtp 0.3: Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments. | 7.5 |
2004-12-31 | CVE-2004-2676 | Local Security vulnerability in Webroot Software SPY Sweeper Enterprise 1.5.1Build3698: The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges. | 7.2 |