LiveActive security incident?Get immediate response
CVE archive

October 2004

Browse CVE records published in October 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 191 matching CVEs · Page 2 of 4.

Unknown · CVSS Not scored

CVE-2004-2696: BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over...

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.

Published Oct 6, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2691: Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remot...

Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.

Published Oct 6, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2515: Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, mi...

Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.

Published Oct 25, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2527: The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attacke...

The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.

Published Oct 25, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2511: Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers...

Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.

Published Oct 25, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2536: The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_b...

The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.

Published Oct 25, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2485: Unspecified vulnerability in PHP Live!

Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors.

Published Oct 25, 2005 · Updated Aug 8, 2024