LiveActive security incident?Get immediate response
CVE archive

August 2004

Browse CVE records published in August 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 253 matching CVEs · Page 4 of 6.

Unknown · CVSS Not scored

CVE-2004-2347: blog.cgi in Leif M.

blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2372: Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code vi...

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt cannot be found in a known path. NOTE: some external documents recommend that Bochs be installed setuid root, so this should be treated as a vulnerability.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2363: Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 throug...

Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2340: ** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows re...

** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2343: Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specifie...

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2364: Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execut...

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2334: Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject a...

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.

Published Aug 16, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2293: Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject...

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.

Published Aug 4, 2005 · Updated Aug 8, 2024