CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0621

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0300%
EPSS Percentile26.22th
PublishedDec 6, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.

Affected Platforms (CPE)

πŸ“¦
Zaireweb Solutions

Newsletter Zws

All versions

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=108811585025216&w=2
πŸ”— http://www.securityfocus.com/bid/10605
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16507
πŸ”— http://marc.info/?l=bugtraq&m=108811585025216&w=2
πŸ”— http://www.securityfocus.com/bid/10605
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/16507

Related Vulnerabilities

CVE-2004-101210.0

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arb...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...

CVE-2004-106710.0

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may al...