CVE-2004-1856

devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory.

Publication date: Wed, 24 Mar 2004 11:00:00 +0000

Cyber News related to CVE-2004-1856

CVE-2004-1856 - devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. ...
7 years ago

CVE-2012-1856 - The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 ...
5 years ago

CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
54 years ago Tenable.com

CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
54 years ago Tenable.com

CVE-2016-1857 - WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than ...
5 years ago

CVE-2016-1856 - WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than ...
5 years ago

CVE-2016-1855 - WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than ...
5 years ago

CVE-2016-1854 - WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than ...
5 years ago

CVE-2002-1856 - HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ...
16 years ago

CVE-2005-1856 - The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. ...
16 years ago

CVE-2010-1856 - Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action. ...
14 years ago

CVE-2011-1856 - Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
13 years ago

CVE-2009-1856 - Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file ...
7 years ago

CVE-2008-1856 - plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files ...
7 years ago

CVE-2006-1856 - Certain modifications to the Linux kernel 2.6.16 and earlier do not add the appropriate Linux Security Modules (LSM) file_permission hooks to the (1) readv and (2) writev functions, which might allow attackers to bypass intended access restrictions. ...
7 years ago

CVE-2007-1856 - Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c. ...
7 years ago

CVE-2015-1856 - OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. ...
6 years ago

CVE-2019-1856 - A vulnerability in the web-based management interface of Cisco Prime Collaboration Assurance (PCA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of ...
5 years ago

CVE-2013-1856 - The ActiveSupport::XmlMini_JDOM backend in lib/active_support/xml_mini/jdom.rb in the Active Support component in Ruby on Rails 3.0.x and 3.1.x before 3.1.12 and 3.2.x before 3.2.13, when JRuby is used, does not properly restrict the capabilities of ...
5 years ago

CVE-2020-1856 - Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG6600, and USG9500 versions V500R001C30, V500R001C60, and V500R005C00 have an information leakage vulnerability. An attacker can exploit this vulnerability by sending specific ...
3 years ago

CVE-2022-1856 - Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. ...
2 years ago

CVE-2023-1856 - A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter ...
1 year ago

CVE-2017-1856 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-1856 - ...
7 months ago

CVE-2024-26804 - In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 ...
7 months ago Tenable.com

Latest Cyber News

CVE-2024-10914 - 1 day ago
CVE-2024-10915 - 1 day ago
CVE-2020-11859 - 1 day ago
CVE-2024-10186 - 1 day ago
CVE-2024-10168 - 1 day ago
CVE-2024-8323 - 1 day ago
CVE-2024-10715 - 1 day ago
CVE-2024-9902 - 1 day ago
CVE-2024-8614 - 1 day ago
CVE-2024-8615 - 1 day ago
CVE-2024-52043 - 1 day ago
CVE-2024-9681 - 1 day ago
CVE-2024-10543 - 1 day ago
CVE-2024-6626 - 1 day ago
CVE-2024-9307 - 1 day ago
CVE-2024-9946 - 1 day ago
CVE-2024-10020 - 1 day ago
CVE-2024-10535 - 1 day ago
CVE-2024-7879 - 1 day ago
CVE-2024-9934 - 1 day ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 10 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10826 - 2 days ago
CVE-2024-10827 - 2 days ago
CVE-2024-9657 - 2 days ago
CVE-2024-10263 - 2 days ago
CVE-2024-7059 - 2 days ago
CVE-2024-10842 - 2 days ago
CVE-2024-10859 - 2 days ago
CVE-2023-29114 - 2 days ago
CVE-2023-29115 - 2 days ago
CVE-2024-10844 - 2 days ago
CVE-2024-10845 - 2 days ago
CVE-2024-50993 - 2 days ago
CVE-2024-50994 - 2 days ago
CVE-2024-50995 - 2 days ago
CVE-2024-50996 - 2 days ago
CVE-2024-50997 - 2 days ago
CVE-2024-50998 - 2 days ago
CVE-2024-50999 - 2 days ago
CVE-2024-51000 - 2 days ago
CVE-2024-51001 - 2 days ago