Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2429 Buffer Overflow vulnerability in Spamguard
Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
network
low complexity
enderunix-software
7.5

2004-12-31 CVE-2004-2425 Multiple vulnerability in Axis Network Camera And Video Server
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
network
low complexity
axis
7.5

2004-12-31 CVE-2004-2417 Remote Format String vulnerability in Smtp.Proxy 1.1.3
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.
network
low complexity
smtp-proxy
7.5

2004-12-31 CVE-2004-2416 Remote Buffer Overflow vulnerability in Youngzsoft Ccproxy 6.0
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
network
low complexity
youngzsoft
7.5

2004-12-31 CVE-2004-2413 SQL Injection vulnerability in Virtual Programming VP-ASP Shopproductselect Script
SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
network
low complexity
virtual-programming
7.5

2004-12-31 CVE-2004-2412 SQL Injection vulnerability in Virtual Programming VP-ASP Shopping Cart CatalogID
Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
network
low complexity
virtual-programming
7.5

2004-12-31 CVE-2004-2409 Local Heap Overflow vulnerability in Samhain Labs Samhain Database Update
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
local
low complexity
samhain-labs
7.2

2004-12-31 CVE-2004-2401 Buffer Overrun vulnerability in Ipswitch Imail Express 8.03
Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
network
low complexity
ipswitch
7.5

2004-12-31 CVE-2004-2397 Cleartext Storage of Sensitive Information vulnerability in Broadcom Bluecoat Security Gateway
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
network
low complexity
broadcom CWE-312
7.5

2004-12-31 CVE-2004-2396 passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
local
low complexity
mandrakesoft
7.2