Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-1552 | SQL Injection vulnerability in Full Revolution Aspwebcalendar 4.5 SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp. | 7.5 |
| 2004-12-31 | CVE-2004-1550 | Remote Authentication Bypass vulnerability in Motorola Wr850G 4.0.3Firmware Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. | 7.5 |
| 2004-12-31 | CVE-2004-1541 | Remote Command Execution vulnerability in Van Dyke SecureCRT SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. | 7.5 |
| 2004-12-31 | CVE-2004-1538 | Input Validation vulnerability in PHPkit 1.6.02/1.6.03/1.6.1 SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1536 | Remote SQL Injection vulnerability in IPBProArcade SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1535 | Remote Security vulnerability in phpBB PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. | 7.5 |
| 2004-12-31 | CVE-2004-1532 | Remote Insecure Default Password vulnerability in AppServ Open Project AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access. | 7.5 |
| 2004-12-31 | CVE-2004-1531 | SQL Injection vulnerability in Invision Power Board Index.PHP Post Action SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter. | 7.5 |
| 2004-12-31 | CVE-2004-1530 | Remote vulnerability in Event Calendar SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters. | 7.5 |
| 2004-12-31 | CVE-2004-1526 | Remote Security vulnerability in NEW Media Generation Hired Team Trial 2.1/2.2 Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator. | 7.5 |