LiveActive security incident?Get immediate response
CVE archive

November 2004

Browse CVE records published in November 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 131 matching CVEs · Page 1 of 3.

Unknown · CVSS Not scored

CVE-2004-2545: Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (S...

Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.

Published Nov 20, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2004-2598: Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's...

Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used.

Published Nov 29, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2004-2747: Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly e...

Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not.

Published Nov 8, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2600: The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platfor...

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

Published Nov 29, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2571: Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via t...

Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c.

Published Nov 22, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2597: Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based acces...

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.

Published Nov 29, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2595: Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products...

Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.

Published Nov 29, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2572: AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) inval...

AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.

Published Nov 22, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2566: Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum...

Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa.

Published Nov 22, 2005 · Updated Aug 8, 2024