Total
5449 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2004-2769 | 1 Cerberusftp | 1 Ftp Server | 2024-11-20 | N/A |
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands. | ||||
CVE-2004-2768 | 1 Debian | 1 Dpkg | 2024-11-20 | N/A |
dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid file, (2) setgid file, or (3) device, a related issue to CVE-2010-2059. | ||||
CVE-2004-2767 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-20 | N/A |
NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by establishing many FTP sessions that persist for the lifetime of a DS session. | ||||
CVE-2004-2764 | 1 Sun | 2 Jre, Sdk | 2024-11-20 | N/A |
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing." | ||||
CVE-2004-2743 | 1 Raditha Dissanayake | 1 Mega Upload Progress Bar | 2024-11-20 | N/A |
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | ||||
CVE-2004-2739 | 1 Phprojekt | 1 Phprojekt | 2024-11-20 | N/A |
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors. | ||||
CVE-2004-2733 | 1 Webwiz | 1 Web Wiz Forums | 2024-11-20 | N/A |
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp. | ||||
CVE-2004-2730 | 1 Microsoft | 11 Psexec, Psgetsid, Psinfo and 8 more | 2024-11-20 | N/A |
Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping. | ||||
CVE-2004-2729 | 1 Hummingbird | 1 Connectivity | 2024-11-20 | N/A |
Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections. | ||||
CVE-2004-2718 | 1 Php Heaven | 1 Phpmychat | 2024-11-20 | N/A |
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request. | ||||
CVE-2004-2713 | 1 Zonelabs | 1 Zonealarm | 2024-11-20 | N/A |
Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file | ||||
CVE-2004-2700 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-11-20 | N/A |
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx. | ||||
CVE-2004-2699 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-11-20 | N/A |
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter. | ||||
CVE-2004-2694 | 1 Microsoft | 1 Outlook Express | 2024-11-20 | N/A |
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | ||||
CVE-2004-2693 | 1 Hp | 1 Hp-ux | 2024-11-20 | N/A |
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | ||||
CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2024-11-20 | N/A |
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | ||||
CVE-2004-2689 | 1 Newsphp | 1 Newsphp | 2024-11-20 | N/A |
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | ||||
CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2024-11-20 | N/A |
SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | ||||
CVE-2004-1767 | 1 Sun | 2 Solaris, Sunos | 2024-11-20 | N/A |
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function. | ||||
CVE-2004-1338 | 1 Oracle | 2 Database Server, Oracle9i | 2024-11-20 | N/A |
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions. |