LiveActive security incident?Get immediate response
CVE archive

August 2004

Browse CVE records published in August 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 253 matching CVEs · Page 2 of 6.

Unknown · CVSS Not scored

CVE-2004-2482: Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor an...

Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.

Published Aug 21, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2411: The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently c...

The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.

Published Aug 18, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2442: Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earli...

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.

Published Aug 20, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2426: Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie...

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

Published Aug 18, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2427: Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain...

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

Published Aug 18, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2434: Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) vi...

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.

Published Aug 18, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2408: Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across al...

Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.

Published Aug 18, 2005 · Updated Aug 8, 2024