LiveActive security incident?Get immediate response
CVE archive

August 2004

Browse CVE records published in August 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 253 matching CVEs · Page 1 of 6.

Medium · CVSS 5.3

CVE-2004-2320: The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1...

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Published Aug 16, 2005 · Updated May 28, 2026

High · CVSS 8.4

CVE-2004-2339: Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to exe...

Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed

Published Aug 16, 2005 · Updated Jan 16, 2025

Unknown · CVSS Not scored

CVE-2004-2294: Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3...

Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.

Published Aug 4, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2004-2777: GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) we...

GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002 account of the GEMNet license server, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.

Published Aug 4, 2015 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2760: sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root...

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.

Published Aug 4, 2008 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2429: Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote at...

Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.

Published Aug 18, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2475: Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbi...

Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.

Published Aug 20, 2005 · Updated Aug 8, 2024