Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1574 | Remote Buffer Overflow vulnerability in VyPRESS Messenger Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field. | 7.5 |
| 2004-12-31 | CVE-2004-1573 | The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator. | 7.2 |
| 2004-12-31 | CVE-2004-1570 | SQL Injection vulnerability in Eaden Mckee Bblog 0.7.2/0.7.3 SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1567 | Input Validation vulnerability in Silent-Storm Portal profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. | 7.5 |
| 2004-12-31 | CVE-2004-1562 | Remote Input Validation vulnerability in W-Agora 4.1.6A SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1561 | Buffer Overflow vulnerability in Icecast Server HTTP Header Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. | 7.5 |
| 2004-12-31 | CVE-2004-1558 | Remote Buffer Overflow vulnerability in YahooPOPS! Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request. | 7.5 |
| 2004-12-31 | CVE-2004-1555 | SQL Injection vulnerability in BroadBoard Message Board Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp. | 7.5 |
| 2004-12-31 | CVE-2004-1554 | Remote PHP File Include vulnerability in Alexphpteam Alex Guestbook 3.12 PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2004-12-31 | CVE-2004-1553 | SQL Injection vulnerability in Fullrevolution Aspwebalbum 3.2 SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. | 7.5 |