Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-1080

    The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replica... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1170

    a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.... Read more

    Affected Products : suse_linux a2ps java_desktop_system
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1130

    Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.... Read more

    Affected Products : cmailserver
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1108

    qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.... Read more

    Affected Products : linux
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1169

    MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.... Read more

    Affected Products : maxdb
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1201

    Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.... Read more

    Affected Products : opera_browser
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1113

    SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1100

    Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter.... Read more

    Affected Products : mailpost
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1149

    Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.ex... Read more

    Affected Products : etrust_ez_antivirus
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1222

    weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter.... Read more

    Affected Products : weblibs
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1313

    The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.... Read more

    Affected Products : my_firewall_plus
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1218

    Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.... Read more

    Affected Products : remote_execute
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1279

    Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.... Read more

    Affected Products : jpegtoavi
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1266

    Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.... Read more

    Affected Products : csv2xml
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1262

    Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures.... Read more

    Affected Products : bsb2ppm
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1293

    Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file.... Read more

    Affected Products : rtf2latex2e
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1225

    SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.... Read more

    Affected Products : sugarcrm
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1157

    Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window ... Read more

    Affected Products : opera_browser
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1136

    Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.... Read more

    Affected Products : cuteftp
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1274

    The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters.... Read more

    Affected Products : greed
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293641 Results