|
350131
|
- |
|
debian
gentoo
|
tetex-bin
linux
|
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
|
NVD-CWE-Other
|
CVE-2004-1336
|
2017-07-11 10:30 |
2004-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350132
|
- |
|
gnu
conectiva
ubuntu
|
realtime_linux_security_module
linux
ubuntu_linux
|
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to g…
|
NVD-CWE-Other
|
CVE-2004-1337
|
2017-07-11 10:30 |
2004-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350133
|
- |
|
oracle
|
database_server
oracle9i
|
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-1338
|
2017-07-11 10:30 |
2004-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350134
|
- |
|
oracle
|
database_server
oracle9i
|
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the …
|
CWE-89
SQL Injection
|
CVE-2004-1339
|
2017-07-11 10:30 |
2004-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350135
|
- |
|
debian
|
debian_linux
|
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
|
NVD-CWE-Other
|
CVE-2004-1340
|
2017-07-11 10:30 |
2005-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350136
|
- |
|
roar_smith
|
info2www
|
Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.
|
NVD-CWE-Other
|
CVE-2004-1341
|
2017-07-11 10:30 |
2005-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350137
|
- |
|
sun
|
java_system_web_proxy_server
|
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNEC…
|
NVD-CWE-Other
|
CVE-2004-1350
|
2017-07-11 10:30 |
2004-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350138
|
- |
|
oracle
|
application_server
collaboration_suite
e-business_suite
enterprise_manager
enterprise_manager_database_control
enterprise_manager_grid_control
oracle10g
oracle8i
oracle9i
|
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attacker…
|
NVD-CWE-Other
|
CVE-2004-1362
|
2017-07-11 10:30 |
2004-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350139
|
- |
|
oracle
|
application_server
collaboration_suite
e-business_suite
enterprise_manager
enterprise_manager_database_control
enterprise_manager_grid_control
oracle10g
oracle8i
oracle9i
|
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
|
NVD-CWE-Other
|
CVE-2004-1365
|
2017-07-11 10:30 |
2004-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350140
|
- |
|
oracle
|
application_server
collaboration_suite
e-business_suite
enterprise_manager
enterprise_manager_database_control
enterprise_manager_grid_control
oracle10g
oracle8i
oracle9i
|
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
|
CWE-255
Credentials Management
|
CVE-2004-1366
|
2017-07-11 10:30 |
2004-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
