Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-1765 Buffer Overflow vulnerability in MOD Security MOD Security 1.7.4
Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
network
low complexity
mod-security
7.5
2004-12-31 CVE-2004-1762 Remote Security vulnerability in F-Secure Anti-Virus
Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FSAV.
network
low complexity
f-secure
7.5
2004-12-31 CVE-2004-1755 Privilege Escalation vulnerability in BEA WebLogic Server and Express SSL Client
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
network
low complexity
bea
7.5
2004-12-31 CVE-2004-1734 Remote Server-Side Script Execution vulnerability in Mantis 0.19.0A
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
network
low complexity
mantis
7.5
2004-12-31 CVE-2004-1725 Buffer Overflow and Integer Handling vulnerability in John Bradley XV 3.10A
Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.
network
low complexity
john-bradley
7.5
2004-12-31 CVE-2004-1666 Remote Buffer Overflow vulnerability in Cerulean Studios Trillian 0.74I
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
network
low complexity
cerulean-studios
7.5
2004-12-31 CVE-2004-1592 Remote File Include vulnerability in Ocportal 1.0.3
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
network
low complexity
ocportal
7.5
2004-12-31 CVE-2004-1591 Remote Security vulnerability in Micronet Sp916Bm 1.9
The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.
network
low complexity
micronet
7.5
2004-12-31 CVE-2004-1588 Input Validation vulnerability in Go Smart Inc GoSmart Message Board
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameters to Login_Exec.asp.
network
low complexity
gosmart
7.5
2004-12-31 CVE-2004-1580 SQL Injection vulnerability in Devellion Cubecart 2.0.1
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
network
low complexity
devellion
7.5