|
267091
|
- |
|
kyberdigi_labs
|
php-exec-dir
|
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not h…
|
CWE-16
CWE-264
Configuration
Permissions, Privileges, and Access Controls
|
CVE-2004-2692
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267092
|
- |
|
bea
|
weblogic_server
|
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for differ…
|
CWE-255
Credentials Management
|
CVE-2004-2696
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267093
|
- |
|
ibm
|
aix
|
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be r…
|
CWE-362
Race Condition
|
CVE-2004-2697
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267094
|
- |
|
imwheel
|
imwheel
|
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink at…
|
CWE-362
Race Condition
|
CVE-2004-2698
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267095
|
- |
|
aspdotnetstorefront
|
aspdotnetstorefront
|
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2699
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267096
|
- |
|
aspdotnetstorefront
|
aspdotnetstorefront
|
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2004-2701
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267097
|
- |
|
swsoft
|
plesk
|
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might …
|
CWE-79
Cross-site Scripting
|
CVE-2004-2702
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267098
|
- |
|
clearswift
|
mailsweeper_business_suite_i
mailsweeper_business_suite_ii
mailsweeper_for_smtp
mimesweeper_for_web
|
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted …
|
CWE-310
Cryptographic Issues
|
CVE-2004-2703
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267099
|
- |
|
phrozensmoke
|
gyach_enhanced
|
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP …
|
NVD-CWE-noinfo
|
CVE-2004-2707
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267100
|
- |
|
windowmaker
|
windowmaker
|
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vul…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2004-2714
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
