Total
5458 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2700 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-11-20 | N/A |
| Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx. | ||||
| CVE-2004-2699 | 1 Aspdotnetstorefront | 1 Aspdotnetstorefront | 2024-11-20 | N/A |
| deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter. | ||||
| CVE-2004-2694 | 1 Microsoft | 1 Outlook Express | 2024-11-20 | N/A |
| Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | ||||
| CVE-2004-2693 | 1 Hp | 1 Hp-ux | 2024-11-20 | N/A |
| HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. | ||||
| CVE-2004-2692 | 1 Kyberdigi Labs | 1 Php-exec-dir | 2024-11-20 | N/A |
| The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. | ||||
| CVE-2004-2689 | 1 Newsphp | 1 Newsphp | 2024-11-20 | N/A |
| NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. | ||||
| CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2024-11-20 | N/A |
| SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | ||||
| CVE-2004-1767 | 1 Sun | 2 Solaris, Sunos | 2024-11-20 | N/A |
| The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function. | ||||
| CVE-2004-1338 | 1 Oracle | 2 Database Server, Oracle9i | 2024-11-20 | N/A |
| The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions. | ||||
| CVE-2004-1193 | 1 Prevx | 1 Prevx Home | 2024-11-20 | N/A |
| Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable. | ||||
| CVE-2004-1029 | 5 Conectiva, Gentoo, Hp and 2 more | 8 Linux, Linux, Hp-ux and 5 more | 2024-11-20 | N/A |
| The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | ||||
| CVE-2004-0867 | 4 Kde, Microsoft, Mozilla and 1 more | 5 Konqueror, Ie, Internet Explorer and 2 more | 2024-11-20 | N/A |
| Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. | ||||
| CVE-2004-0793 | 1 Debian | 1 Bsdmainutils | 2024-11-20 | N/A |
| The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file. | ||||
| CVE-2004-0041 | 1 Mod Auth Shadow | 1 Mod Auth Shadow | 2024-11-20 | N/A |
| The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions. | ||||
| CVE-2003-1596 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-20 | N/A |
| NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not properly restrict filesystem use by anonymous users with NFS Gateway home directories, which allows remote attackers to bypass intended access restrictions via an FTP session. | ||||
| CVE-2003-1595 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-20 | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform "intruder detection," which has unspecified impact and attack vectors. | ||||
| CVE-2003-1594 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-20 | N/A |
| NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly enforce FTPREST.TXT settings, which allows remote attackers to bypass intended access restrictions via an FTP session. | ||||
| CVE-2003-1593 | 1 Novell | 2 Netware, Netware Ftp Server | 2024-11-20 | N/A |
| NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 before SP1 does not enforce domain-name login restrictions, which allows remote attackers to bypass intended access control via an FTP connection. | ||||
| CVE-2003-1575 | 2 Sun, Symantec | 2 Solaris, Vxfs | 2024-11-20 | N/A |
| VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patch 02 for Sun Solaris 2.5.1 through 9 does not properly implement inheritance of default ACLs in certain circumstances related to the characteristics of a directory inode, which allows local users to bypass intended file permissions by accessing a file on a VxFS filesystem. | ||||
| CVE-2003-1571 | 1 Webwizguide | 1 Web Wiz Guestbook | 2024-11-20 | N/A |
| Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE: it was later reported that 8.21 is also affected. | ||||