Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0330

    Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.... Read more

    Affected Products : serv-u_file_server
    • EPSS Score: %83.14
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0239

    SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.... Read more

    Affected Products : photopost_php_pro
    • EPSS Score: %0.38
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0268

    Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server.... Read more

    Affected Products : evolutionx
    • EPSS Score: %4.82
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0277

    Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.... Read more

    Affected Products : dream_ftp_server
    • EPSS Score: %8.07
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2004-0285

    PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.... Read more

    Affected Products : allmyguests allmylinks allmyvisitors
    • EPSS Score: %29.93
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0243

    AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.... Read more

    Affected Products : aix
    • EPSS Score: %0.68
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0248

    Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subje... Read more

    Affected Products : phpx
    • EPSS Score: %1.26
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0360

    Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %0.26
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0290

    Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.... Read more

    Affected Products : purge purge_jihad
    • EPSS Score: %5.73
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0344

    Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.... Read more

    Affected Products : yabb
    • EPSS Score: %2.86
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0317

    Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter.... Read more

    Affected Products : lsf
    • EPSS Score: %2.84
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0329

    FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".... Read more

    Affected Products : freechat
    • EPSS Score: %0.89
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0238

    Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbit... Read more

    Affected Products : 0verkill
    • EPSS Score: %0.29
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0240

    Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.... Read more

    Affected Products : x-cart
    • EPSS Score: %0.41
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0250

    SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.... Read more

    Affected Products : photopost_php_pro
    • EPSS Score: %1.44
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0334

    InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOT... Read more

    Affected Products : innomedia_videophone
    • EPSS Score: %0.30
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-0346

    Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.... Read more

    Affected Products : proftpd
    • EPSS Score: %0.08
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0313

    Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.... Read more

    Affected Products : psoproxy_server
    • EPSS Score: %77.84
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0343

    Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.... Read more

    Affected Products : yabb
    • EPSS Score: %0.32
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0336

    LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.... Read more

    Affected Products : 602pro_lan_suite
    • EPSS Score: %0.42
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291741 Results