LiveActive security incident?Get immediate response
CVE archive

2004 CVE Archive

Browse CVE records published in 2004 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2644 matching CVEs · Page 2 of 53.

Unknown · CVSS Not scored

CVE-2004-2180: Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject ar...

Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.

Published Jul 10, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2004-2629: Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Mee...

Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.

Published Dec 4, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2004-2598: Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's...

Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used.

Published Nov 29, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2004-2682: PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to o...

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.

Published Jul 5, 2007 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2004-2210: Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow re...

Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.

Published Jul 10, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2004-2765: Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging S...

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.

Published Jan 28, 2010 · Updated Sep 16, 2024