Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2474 SQL Injection vulnerability in PHPNews 1.2.3
SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.
network
low complexity
phpnews
7.5
2004-12-31 CVE-2004-2471 Parameter Unspecified SQL Injection vulnerability in JamesOff Quoteengine 1.0/1.1
SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
network
low complexity
jamesoff
7.5
2004-12-31 CVE-2004-2461 Remote POP3 Protocol vulnerability in gnubiff
Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code.
network
low complexity
gnu
7.5
2004-12-31 CVE-2004-2456 Remote SQL Injection vulnerability in MiniBB
SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.
network
low complexity
minibb
7.5
2004-12-31 CVE-2004-2455 Unspecified vulnerability in Sweex Wireless Broadband Router Accesspoint 802.11G Lc000060
Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file.
network
low complexity
sweex
7.5
2004-12-31 CVE-2004-2443 Input Validation vulnerability in Jaws 0.2/0.3
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
network
low complexity
jaws
7.5
2004-12-31 CVE-2004-2437 SQL and HTML Injection vulnerability in PHP Fusion PHP Fusion 4.01
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
network
low complexity
php-fusion
7.5
2004-12-31 CVE-2004-2433 Remote Buffer Overflow vulnerability in Altnet ADM ActiveX Control
Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter.
network
low complexity
altnet grokster kazaa
7.5
2004-12-31 CVE-2004-2431 Authentication Bypass vulnerability in ignitionServer Server Link Service
Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.
network
low complexity
the-ignition-project
7.5
2004-12-31 CVE-2004-2430 Local Privilege Escalation vulnerability in Trend Micro OfficeScan
Trend OfficeScan Corporate Edition 5.58 and possibly earlier does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
local
low complexity
trend-micro
7.2