LiveActive security incident?Get immediate response
CVE archive

February 2004

Browse CVE records published in February 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 413 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2004-1670: Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possi...

Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.

Published Feb 20, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1730: Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary w...

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.

Published Feb 26, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1678: Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbi...

Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.

Published Feb 20, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1635: Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficient...

Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.

Published Feb 20, 2005 · Updated Aug 8, 2024