|
347451
|
- |
|
cpanel
|
cpanel
|
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
|
NVD-CWE-Other
|
CVE-2004-1604
|
2016-10-18 11:57 |
2004-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347452
|
- |
|
best_software
saleslogix_corporation
|
saleslogix
|
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2…
|
NVD-CWE-Other
|
CVE-2004-1610
|
2016-10-18 11:57 |
2004-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347453
|
- |
|
mozilla
|
mozilla
|
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with …
|
NVD-CWE-Other
|
CVE-2004-1614
|
2016-10-18 11:57 |
2004-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347454
|
- |
|
w-agora
|
w-agora
|
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
|
NVD-CWE-Other
|
CVE-2004-1565
|
2016-10-18 11:56 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347455
|
- |
|
minihttpserver.net
|
web_forums_server
|
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot sl…
|
NVD-CWE-Other
|
CVE-2004-1496
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347456
|
- |
|
-
|
-
|
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
|
NVD-CWE-Other
|
CVE-2004-1497
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347457
|
- |
|
webhost_automation
|
helm_control_panel
|
SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.
|
NVD-CWE-Other
|
CVE-2004-1498
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347458
|
- |
|
jelsoft
|
vbulletin
|
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
|
NVD-CWE-Other
|
CVE-2004-1515
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347459
|
- |
|
new_media_generation
|
hired_team_trial
|
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
|
NVD-CWE-Other
|
CVE-2004-1526
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347460
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary c…
|
NVD-CWE-Other
|
CVE-2004-1405
|
2016-10-18 11:54 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
