|
299701
|
- |
|
newsphp
|
newsphp
|
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
|
NVD-CWE-Other
|
CVE-2004-2690
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299702
|
- |
|
3com
|
3c17205-us
3c17210-us
superstack_3_switch
|
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web man…
|
NVD-CWE-Other
|
CVE-2004-2691
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299703
|
- |
|
kyberdigi_labs
|
php-exec-dir
|
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not h…
|
CWE-16
CWE-264
Configuration
Permissions, Privileges, and Access Controls
|
CVE-2004-2692
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299704
|
- |
|
bea
|
weblogic_server
|
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for differ…
|
CWE-255
Credentials Management
|
CVE-2004-2696
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299705
|
- |
|
ibm
|
aix
|
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be r…
|
CWE-362
Race Condition
|
CVE-2004-2697
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299706
|
- |
|
imwheel
|
imwheel
|
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink at…
|
CWE-362
Race Condition
|
CVE-2004-2698
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299707
|
- |
|
aspdotnetstorefront
|
aspdotnetstorefront
|
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2699
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299708
|
- |
|
aspdotnetstorefront
|
aspdotnetstorefront
|
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2004-2701
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299709
|
- |
|
swsoft
|
plesk
|
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might …
|
CWE-79
Cross-site Scripting
|
CVE-2004-2702
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299710
|
- |
|
clearswift
|
mailsweeper_business_suite_i
mailsweeper_business_suite_ii
mailsweeper_for_smtp
mimesweeper_for_web
|
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted …
|
CWE-310
Cryptographic Issues
|
CVE-2004-2703
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
