|
345801
|
- |
|
newsphp
|
newsphp
|
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2689
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345802
|
- |
|
newsphp
|
newsphp
|
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
|
NVD-CWE-Other
|
CVE-2004-2690
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345803
|
- |
|
3com
|
3c17205-us
3c17210-us
superstack_3_switch
|
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web man…
|
NVD-CWE-Other
|
CVE-2004-2691
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345804
|
- |
|
kyberdigi_labs
|
php-exec-dir
|
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not h…
|
CWE-16
CWE-264
Configuration
Permissions, Privileges, and Access Controls
|
CVE-2004-2692
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345805
|
- |
|
bea
|
weblogic_server
|
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for differ…
|
CWE-255
Credentials Management
|
CVE-2004-2696
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345806
|
- |
|
ibm
|
aix
|
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be r…
|
CWE-362
Race Condition
|
CVE-2004-2697
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345807
|
- |
|
imwheel
|
imwheel
|
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink at…
|
CWE-362
Race Condition
|
CVE-2004-2698
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345808
|
- |
|
aspdotnetstorefront
|
aspdotnetstorefront
|
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2699
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345809
|
- |
|
aspdotnetstorefront
|
aspdotnetstorefront
|
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2004-2701
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345810
|
- |
|
swsoft
|
plesk
|
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might …
|
CWE-79
Cross-site Scripting
|
CVE-2004-2702
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
