Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2004-2700

    Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.... Read more

    Affected Products : aspdotnetstorefront
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2703

    Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be m... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2725

    Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) t... Read more

    Affected Products : aztek_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2675

    ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.... Read more

    Affected Products : ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2711

    Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2004-2724

    LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.... Read more

    Affected Products : chat_anywhere
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2004-2660

    Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2688

    Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.... Read more

    Affected Products : newsphp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-1150

    Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.... Read more

    Affected Products : winamp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1546

    Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.... Read more

    Affected Products : mdaemon
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1043

    Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone a... Read more

    Affected Products : internet_explorer windows_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0985

    Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to wr... Read more

    Affected Products : ie
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1406

    SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter.... Read more

    Affected Products : ikonboard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0979

    Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended conf... Read more

    Affected Products : internet_explorer windows_xp ie
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0561

    Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.... Read more

    Affected Products : gopherd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0498

    The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.... Read more

    Affected Products : firewall_engine
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1143

    The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.... Read more

    Affected Products : enterprise_linux mailman
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-0999

    zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.... Read more

    Affected Products : zgv_image_viewer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2139

    Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2153

    Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.... Read more

    Affected Products : real_estate_management_software
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293681 Results