Filtered by CWE-264
Total 5449 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-1193 1 Prevx 1 Prevx Home 2024-11-20 N/A
Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.
CVE-2004-1029 5 Conectiva, Gentoo, Hp and 2 more 8 Linux, Linux, Hp-ux and 5 more 2024-11-20 N/A
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2024-11-20 N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-2004-0793 1 Debian 1 Bsdmainutils 2024-11-20 N/A
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2024-11-20 N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
CVE-2003-1596 1 Novell 2 Netware, Netware Ftp Server 2024-11-20 N/A
NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session.
CVE-2003-1595 1 Novell 2 Netware, Netware Ftp Server 2024-11-20 N/A
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors.
CVE-2003-1594 1 Novell 2 Netware, Netware Ftp Server 2024-11-20 N/A
NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session.
CVE-2003-1593 1 Novell 2 Netware, Netware Ftp Server 2024-11-20 N/A
NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection.
CVE-2003-1575 2 Sun, Symantec 2 Solaris, Vxfs 2024-11-20 N/A
VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem.
CVE-2003-1571 1 Webwizguide 1 Web Wiz Guestbook 2024-11-20 N/A
Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected.
CVE-2003-1552 1 Graeme 1 Uploader 2024-11-20 N/A
Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
CVE-2003-1541 1 Planetmoon 1 Guestbook 2024-11-20 N/A
PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.
CVE-2003-1524 1 Pgpi 1 Pgpdisk 2024-11-20 N/A
PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.
CVE-2003-1515 1 Origo 2 Asr-8100, Asr-8400 2024-11-20 N/A
Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.
CVE-2003-1495 1 Hp 3 Insight Management Suite, Insight Manager, Remote Diagnostics Enabling Agent 2024-11-20 N/A
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
CVE-2003-1474 1 Freebsd 1 Slashem-tty 2024-11-20 N/A
slashem-tty in the FreeBSD Ports Collection is installed with write permissions for the games group, which allows local users with group games privileges to modify slashem-tty and execute arbitrary code as other users, as demonstrated using a separate vulnerability in LTris.
CVE-2003-1460 1 Ralf Hoffmann 1 Worker Filemanager 2024-11-20 N/A
Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information.
CVE-2003-1423 4 Linux, Microsoft, Petitforum and 1 more 4 Linux Kernel, All Windows, Petitforum and 1 more 2024-11-20 N/A
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
CVE-2003-1386 1 Axis 2 2400 Video Server, 2401 Video Server 2024-11-20 N/A
AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to obtain sensitive information via an HTTP request to /support/messages, which displays the server's /var/log/messages file.