Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2004-0637

    Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.... Read more

    Affected Products : database_server oracle8i oracle9i
    • EPSS Score: %19.33
    • Published: Sep. 02, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1659

    Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.... Read more

    Affected Products : cutenews
    • EPSS Score: %0.66
    • Published: Sep. 02, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1661

    MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."... Read more

    Affected Products : mailworks_professional
    • EPSS Score: %4.15
    • Published: Sep. 02, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1658

    Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable.... Read more

    Affected Products : personal_firewall
    • EPSS Score: %0.08
    • Published: Sep. 02, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1656

    CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.... Read more

    Affected Products : comersus_cart
    • EPSS Score: %5.83
    • Published: Sep. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1372

    Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.... Read more

    Affected Products : db2_universal_database
    • EPSS Score: %0.05
    • Published: Sep. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1654

    SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.... Read more

    Affected Products : phpwebsite
    • EPSS Score: %1.14
    • Published: Sep. 01, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1657

    Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.... Read more

    Affected Products : dasblog
    • EPSS Score: %0.71
    • Published: Sep. 01, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1655

    Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.... Read more

    Affected Products : phpwebsite
    • EPSS Score: %1.85
    • Published: Sep. 01, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1652

    phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.... Read more

    Affected Products : phpscheduleit
    • EPSS Score: %0.39
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-1653

    The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.... Read more

    Affected Products : openssh
    • EPSS Score: %0.51
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1650

    D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.... Read more

    Affected Products : dcs-900_internet_camera
    • EPSS Score: %3.46
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1648

    Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.... Read more

    Affected Products : password_protect
    • EPSS Score: %0.56
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1649

    Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.... Read more

    Affected Products : windows_2000
    • EPSS Score: %1.50
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1774

    Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.... Read more

    Affected Products : application_server oracle10g
    • EPSS Score: %7.66
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1651

    Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule... Read more

    Affected Products : phpscheduleit
    • EPSS Score: %0.53
    • Published: Aug. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1660

    PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.... Read more

    Affected Products : cutenews
    • EPSS Score: %0.89
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1646

    Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.... Read more

    Affected Products : xedus
    • EPSS Score: %4.25
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1644

    Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address.... Read more

    Affected Products : xedus
    • EPSS Score: %1.08
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1645

    Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x.... Read more

    Affected Products : xedus
    • EPSS Score: %0.53
    • Published: Aug. 30, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 291625 Results