|
264531
|
- |
|
netbilling
|
netbilling
|
nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key.
|
CWE-78
OS Command
|
CVE-2004-2732
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264532
|
- |
|
webwiz
|
web_wiz_forums
|
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2733
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264533
|
- |
|
novell
|
netware
|
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access …
|
CWE-287
Improper Authentication
|
CVE-2004-2734
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264534
|
- |
|
fredric_fredricson
|
p4db
|
Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH pa…
|
CWE-79
Cross-site Scripting
|
CVE-2004-2735
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264535
|
- |
|
polar_software
|
helpdesk
|
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
|
CWE-287
Improper Authentication
|
CVE-2004-2736
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264536
|
- |
|
netsupport
|
dna_helpdesk
|
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
|
CWE-89
SQL Injection
|
CVE-2004-2737
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264537
|
- |
|
zeroboard
|
zeroboard
|
Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2004-2738
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264538
|
- |
|
phprojekt
|
phprojekt
|
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2004-2739
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264539
|
- |
|
phprojekt
|
phprojekt
|
PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
|
CWE-94
Code Injection
|
CVE-2004-2740
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264540
|
- |
|
horde
|
application_framework
|
Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) to…
|
CWE-79
Cross-site Scripting
|
CVE-2004-2741
|
2017-07-29 10:29 |
2004-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
