|
347751
|
- |
|
minihttpserver.net
|
web_forums_server
|
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot sl…
|
NVD-CWE-Other
|
CVE-2004-1496
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347752
|
- |
|
-
|
-
|
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
|
NVD-CWE-Other
|
CVE-2004-1497
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347753
|
- |
|
webhost_automation
|
helm_control_panel
|
SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.
|
NVD-CWE-Other
|
CVE-2004-1498
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347754
|
- |
|
jelsoft
|
vbulletin
|
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
|
NVD-CWE-Other
|
CVE-2004-1515
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347755
|
- |
|
new_media_generation
|
hired_team_trial
|
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
|
NVD-CWE-Other
|
CVE-2004-1526
|
2016-10-18 11:55 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347756
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary c…
|
NVD-CWE-Other
|
CVE-2004-1405
|
2016-10-18 11:54 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347757
|
- |
|
singapore
|
image_gallery_web_application
|
Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
|
NVD-CWE-Other
|
CVE-2004-1409
|
2016-10-18 11:54 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347758
|
- |
|
gadu-gadu
|
gadu-gadu_instant_messenger
|
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing…
|
NVD-CWE-Other
|
CVE-2004-1410
|
2016-10-18 11:54 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347759
|
- |
|
gadu-gadu
|
gadu-gadu_instant_messenger
|
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
|
NVD-CWE-Other
|
CVE-2004-1414
|
2016-10-18 11:54 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347760
|
- |
|
korweblog
|
korweblog
|
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng…
|
NVD-CWE-Other
|
CVE-2004-1426
|
2016-10-18 11:54 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
