Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2004-12-31 | CVE-2004-2175 | SQL Injection vulnerability in All Enthusiast ReviewPost PHP PRO 2.5/2.5.1 | Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php. | 7.5 |
2004-12-31 | CVE-2004-2173 | Multiple vulnerability in EarlyImpact ProductCart | SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter. | 7.5 |
2004-12-31 | CVE-2004-2172 | Inadequate Encryption Strength vulnerability in Netsourcecommerce Productcart | EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. | 7.5 |
2004-12-31 | CVE-2004-2167 | Remote Buffer Overflow vulnerability in Latex2Rtf 1.9.15 | Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand. | 7.5 |
2004-12-31 | CVE-2004-2166 | Unspecified vulnerability in Canon Imagerunner 5000I and Imagerunner C3200 | The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25. | 7.5 |
2004-12-31 | CVE-2004-2163 | Authentication Bypass vulnerability in Openbsd 3.2/3.4/3.5 | login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies. | 7.5 |
2004-12-31 | CVE-2004-2161 | Remote Input Validation vulnerability in Tutos 1.120040414 | SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. | 7.5 |
2004-12-31 | CVE-2004-2158 | Input Validation vulnerability in S9Y Serendipity 0.7Beta1 | SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. | 7.5 |
2004-12-31 | CVE-2004-2155 | Authentication Bypass vulnerability in Online-Bookmarks | Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php. | 7.5 |
2004-12-31 | CVE-2004-2148 | Local vulnerability in Slava Astashonok Fprobe | Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors. | 7.2 |