|
316381
|
- |
|
flatnuke
|
flatnuke
|
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests …
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1892
|
2024-01-26 06:10 |
2005-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316382
|
7.8 |
HIGH
Local
|
silvercity_project
|
silvercity
|
SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code.
|
CWE-276
Incorrect Default Permissions
|
CVE-2005-1941
|
2024-01-26 06:09 |
2005-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316383
|
- |
|
dlink
|
dsl-504t_firmware
|
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecf…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1827
|
2024-01-26 06:08 |
2005-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316384
|
- |
|
postnuke
|
postnuke
|
PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) …
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1698
|
2024-01-26 06:08 |
2005-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316385
|
- |
|
episodex
|
episodex_guestbook
|
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1685
|
2024-01-26 06:07 |
2005-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316386
|
9.1 |
CRITICAL
Network
|
midicart
|
midicart_php
midicart_php_plus
midicart_php_maxi
|
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to adm…
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2002-1798
|
2024-01-26 06:04 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316387
|
- |
|
hostingcontroller
|
hosting_controller
|
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1654
|
2024-01-26 06:03 |
2005-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316388
|
- |
|
yusasp
|
web_asset_manager
|
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.
|
CWE-425
Direct Request ('Forced Browsing')
|
CVE-2005-1668
|
2024-01-26 06:03 |
2005-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316389
|
7.5 |
HIGH
Network
|
iomega
|
nas_a300u_firmware
|
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2002-1949
|
2024-01-26 06:00 |
2002-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
316390
|
7.5 |
HIGH
Network
|
procom
|
netforce_800_firmware
|
Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain t…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2005-3140
|
2024-01-26 05:58 |
2005-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
