|
313511
|
- |
|
phpmyfaq
|
phpmyfaq
|
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2004-2257
|
2024-01-26 06:11 |
2004-12-31 |
|
|
|
|
313512
|
7.5 |
HIGH
Network
|
sun
|
solaris_pc_netlink
|
Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or rem…
|
CWE-59 CWE-281
Link Following Improper Preservation of Permissions
|
CVE-2002-2323
|
2024-01-26 06:11 |
2002-12-31 |
|
|
|
|
313513
|
7.5 |
HIGH
Network
|
microsoft
|
windows_2000
|
Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less r…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2001-1515
|
2024-01-26 06:11 |
2001-12-31 |
|
|
|
|
313514
|
7.8 |
HIGH
Local
|
debian
|
debian_linux
|
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
|
CWE-281
Improper Preservation of Permissions
|
CVE-2001-0195
|
2024-01-26 06:11 |
2001-03-26 |
|
|
|
|
313515
|
- |
|
flatnuke
|
flatnuke
|
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests …
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1892
|
2024-01-26 06:10 |
2005-06-9 |
|
|
|
|
313516
|
7.8 |
HIGH
Local
|
silvercity_project
|
silvercity
|
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
|
CWE-276
Incorrect Default Permissions
|
CVE-2005-1941
|
2024-01-26 06:09 |
2005-06-8 |
|
|
|
|
313517
|
- |
|
dlink
|
dsl-504t_firmware
|
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecf…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1827
|
2024-01-26 06:08 |
2005-05-26 |
|
|
|
|
313518
|
- |
|
postnuke
|
postnuke
|
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) …
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1698
|
2024-01-26 06:08 |
2005-05-24 |
|
|
|
|
313519
|
- |
|
episodex
|
episodex_guestbook
|
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1685
|
2024-01-26 06:07 |
2005-05-20 |
|
|
|
|
313520
|
9.1 |
CRITICAL
Network
|
midicart
|
midicart_php midicart_php_plus midicart_php_maxi
|
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to adm…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2002-1798
|
2024-01-26 06:04 |
2002-12-31 |
|
|
|