PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.
Max CVSS
7.5
EPSS Score
9.08%
Published
2004-04-30
Updated
2017-07-11
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.
Max CVSS
7.5
EPSS Score
9.08%
Published
2004-04-30
Updated
2017-07-11
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
Max CVSS
7.5
EPSS Score
1.32%
Published
2004-04-30
Updated
2017-07-11
SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900.
Max CVSS
7.5
EPSS Score
1.46%
Published
2004-04-28
Updated
2017-07-11
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-04-26
Updated
2017-07-11
Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message.
Max CVSS
7.5
EPSS Score
0.42%
Published
2004-04-26
Updated
2017-07-11
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript.
Max CVSS
7.5
EPSS Score
1.57%
Published
2004-04-25
Updated
2017-07-11
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
Max CVSS
8.8
EPSS Score
0.86%
Published
2004-04-25
Updated
2024-02-08
blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27").
Max CVSS
7.5
EPSS Score
0.22%
Published
2004-04-23
Updated
2016-12-20
SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-04-23
Updated
2017-07-11
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field.
Max CVSS
7.5
EPSS Score
30.24%
Published
2004-04-20
Updated
2017-07-11
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
Max CVSS
7.5
EPSS Score
5.82%
Published
2004-04-19
Updated
2017-07-11
The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.
Max CVSS
7.5
EPSS Score
0.28%
Published
2004-04-19
Updated
2017-07-11
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
Max CVSS
7.5
EPSS Score
0.45%
Published
2004-04-19
Updated
2017-07-11
ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters.
Max CVSS
7.5
EPSS Score
0.95%
Published
2004-04-14
Updated
2017-07-11
PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.
Max CVSS
7.5
EPSS Score
11.45%
Published
2004-04-15
Updated
2017-07-11
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-04-12
Updated
2017-07-11
SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter.
Max CVSS
7.5
EPSS Score
0.25%
Published
2004-04-13
Updated
2017-07-11
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
Max CVSS
7.5
EPSS Score
3.07%
Published
2004-04-12
Updated
2017-07-11
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
Max CVSS
7.5
EPSS Score
2.85%
Published
2004-04-11
Updated
2016-10-18
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
Max CVSS
7.5
EPSS Score
0.32%
Published
2004-04-12
Updated
2017-07-11
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access.
Max CVSS
7.5
EPSS Score
1.57%
Published
2004-04-10
Updated
2017-07-11
X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access.
Max CVSS
7.5
EPSS Score
1.11%
Published
2004-04-10
Updated
2017-07-11
Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.
Max CVSS
7.5
EPSS Score
37.07%
Published
2004-04-08
Updated
2017-07-11
Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.
Max CVSS
7.5
EPSS Score
47.30%
Published
2004-04-08
Updated
2017-07-11
52 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!