CyberSecurityBoard
Sponsor Register Login

CVE-2004-2615

The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.

Publication date: Fri, 31 Dec 2004 11:00:00 +0000


Cyber News related to CVE-2004-2615

CVE-2013-1876 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2615. Reason: This candidate is a duplicate of CVE-2013-2615. Notes: All CVE users should reference CVE-2013-2615 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2004-2615 - The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or ...
7 years ago
CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
54 years ago Tenable.com
CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
54 years ago Tenable.com
CVE-2008-2617 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2615 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2621 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2622 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2616 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2618 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2008-2620 - Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than ...
7 years ago
CVE-2012-2615 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5703. Reason: This candidate is a duplicate of CVE-2012-5703. Notes: All CVE users should reference CVE-2012-5703 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2005-2615 - Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id. ...
16 years ago
CVE-2009-2615 - Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions SitePal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_admin_login.asp, (2) z_forgot.asp, and possibly unspecified other ...
15 years ago
CVE-2011-2615 - Unspecified vulnerability in Opera before 11.50 allows remote attackers to cause a denial of service (application hang) via unknown content on a web page, as demonstrated by domiteca.com. ...
13 years ago
CVE-2013-2615 - lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. ...
11 years ago
CVE-2014-2615 - Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083. ...
7 years ago
CVE-2015-2615 - Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to Portal. ...
7 years ago
CVE-2007-2615 - Multiple PHP remote file inclusion vulnerabilities in Crie seu PHPLojaFacil 0.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_local parameter to (1) ftp.php, (2) libs/db.php, and (3) libs/ftp.php. ...
7 years ago
CVE-2010-2615 - Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page ...
6 years ago
CVE-2006-2615 - ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter. ...
6 years ago
CVE-2018-2615 - Vulnerability in the OSS Support Tools component of Oracle Support Tools (subcomponent: Diagnostic Assistant). The supported version that is affected is Prior to 2.11.33. Easily exploitable vulnerability allows low privileged attacker with network ...
5 years ago
CVE-2019-2615 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows high ...
4 years ago
CVE-2020-2615 - Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high ...
2 years ago
CVE-2022-2615 - Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)