Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-2347 Remote Command Execution vulnerability in Leif M. Wright web Blog 1.1/1.1.5
blog.cgi in Leif M.
network
low complexity
leif-m-wright
7.5
2004-12-31 CVE-2004-2341 Remote Security vulnerability in iSearch
PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter.
network
low complexity
isearch
7.5
2004-12-31 CVE-2004-2340 Remote SQL Injection vulnerability in PunkBuster Database
** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form.
network
low complexity
even-balance
7.5
2004-12-31 CVE-2004-2338 Unspecified vulnerability in Openbsd 3.3/3.4
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
network
low complexity
openbsd
7.5
2004-12-31 CVE-2004-2335 Local Privilege Escalation vulnerability in Macromedia Contribute and Studio
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
local
low complexity
macromedia
7.2
2004-12-31 CVE-2004-2329 Local Privilege Escalation vulnerability in Kerio Personal Firewall 2.1.5
Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.
local
low complexity
kerio
7.2
2004-12-31 CVE-2004-2326 SQL Injection vulnerability in IP3 Networks products
SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password.
network
low complexity
ip3-networks
7.5
2004-12-31 CVE-2004-2324 Multiple vulnerability in DotNetNuke
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.
network
low complexity
dotnetnuke
7.5
2004-12-31 CVE-2004-2322 SQL-Injection vulnerability in Phpwebsite
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
network
low complexity
phpwebsite
7.5
2004-12-31 CVE-2004-2314 Remote Security vulnerability in Novell Ichain 2.1/2.2
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
network
low complexity
novell
7.5