|
346611
|
- |
|
smartwebby
|
smart_guest_book
|
SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive informa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2608
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346612
|
- |
|
symantec
|
powerquest_deploycenter
|
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuff…
|
NVD-CWE-Other
|
CVE-2004-2609
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346613
|
- |
|
stefan_bambach
|
mntd
|
mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerabi…
|
NVD-CWE-Other
|
CVE-2004-2610
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346614
|
- |
|
steven_schaefer
|
sophster
|
The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and …
|
NVD-CWE-Other
|
CVE-2004-2611
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346615
|
- |
|
bnc
|
bnc
|
BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.
|
NVD-CWE-Other
|
CVE-2004-2612
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346616
|
- |
|
cutephp
|
cutenews
|
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false n…
|
NVD-CWE-Other
|
CVE-2004-2615
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346617
|
- |
|
pegasi_web_server
|
pegasi_web_server
|
Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
|
NVD-CWE-Other
|
CVE-2004-2617
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346618
|
- |
|
pegasi_web_server
|
pegasi_web_server
|
Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).
|
NVD-CWE-Other
|
CVE-2004-2618
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346619
|
- |
|
paul_l_daniels
|
ripmime
|
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
|
NVD-CWE-Other
|
CVE-2004-2619
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346620
|
- |
|
nortel
|
contivity
|
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates…
|
NVD-CWE-Other
|
CVE-2004-2621
|
2017-07-20 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
