LiveActive security incident?Get immediate response
CVE archive

February 2004

Browse CVE records published in February 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 413 matching CVEs · Page 3 of 9.

Unknown · CVSS Not scored

CVE-2004-1686: Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for Ac...

Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.

Published Feb 20, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1719: Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to...

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

Published Feb 26, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1617: Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinit...

Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.

Published Feb 20, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-1611: SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which cou...

SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.

Published Feb 20, 2005 · Updated Aug 8, 2024