Security Vulnerabilities, CVEs, Published In May 2004 CVSS score >= 7
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
Max CVSS
7.5
EPSS Score
1.24%
Published
2004-05-29
Updated
2017-07-11
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
Max CVSS
7.5
EPSS Score
2.34%
Published
2004-05-29
Updated
2017-07-11
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.88%
Published
2004-05-28
Updated
2017-07-11
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
Max CVSS
7.5
EPSS Score
2.18%
Published
2004-05-24
Updated
2017-07-11
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
Max CVSS
10.0
EPSS Score
0.88%
Published
2004-05-06
Updated
2017-07-11
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.
Max CVSS
7.5
EPSS Score
14.28%
Published
2004-05-06
Updated
2017-07-11
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
Max CVSS
7.5
EPSS Score
1.02%
Published
2004-05-05
Updated
2018-10-19
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
Max CVSS
10.0
EPSS Score
18.31%
Published
2004-05-04
Updated
2017-07-11
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
Max CVSS
10.0
EPSS Score
28.71%
Published
2004-05-04
Updated
2017-07-11
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."
Max CVSS
7.2
EPSS Score
0.05%
Published
2004-05-04
Updated
2017-07-11
Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting.
Max CVSS
7.2
EPSS Score
0.05%
Published
2004-05-04
Updated
2017-07-11
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Max CVSS
10.0
EPSS Score
96.59%
Published
2004-05-04
Updated
2018-10-12
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
Max CVSS
10.0
EPSS Score
3.49%
Published
2004-05-04
Updated
2017-07-11
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
Max CVSS
10.0
EPSS Score
85.17%
Published
2004-05-04
Updated
2017-10-11
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
Max CVSS
7.5
EPSS Score
0.43%
Published
2004-05-04
Updated
2024-02-09
The dissect_attribute_value_pairs function in packet-radius.c for Ethereal 0.8.13 to 0.10.2 allows remote attackers to cause a denial of service (crash) via a malformed RADIUS packet that triggers a null dereference.
Max CVSS
7.5
EPSS Score
28.12%
Published
2004-05-04
Updated
2023-12-28
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
Max CVSS
10.0
EPSS Score
1.76%
Published
2004-05-04
Updated
2017-07-11
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket."
Max CVSS
7.5
EPSS Score
42.89%
Published
2004-05-04
Updated
2024-02-15
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS
10.0
EPSS Score
0.32%
Published
2004-05-04
Updated
2017-07-11
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
Max CVSS
10.0
EPSS Score
0.23%
Published
2004-05-04
Updated
2017-07-11
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
Max CVSS
10.0
EPSS Score
0.23%
Published
2004-05-04
Updated
2017-07-11
21 vulnerabilities found