LiveActive security incident?Get immediate response
CVE archive

July 2004

Browse CVE records published in July 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 262 matching CVEs · Page 4 of 6.

Unknown · CVSS Not scored

CVE-2004-0735: Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier...

Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.

Published Jul 23, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0730: Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitra...

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.

Published Jul 23, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0727: Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 an...

Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."

Published Jul 23, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0715: The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 t...

The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.

Published Jul 21, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0705: Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) edit...

Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.

Published Jul 21, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0713: The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express versi...

The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.

Published Jul 21, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0710: IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Inte...

IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.

Published Jul 21, 2004 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-0719: Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not p...

Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

Published Jul 23, 2004 · Updated Aug 8, 2024