Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-2239

    Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.... Read more

    Affected Products : vpopmail_\(vchkpw\)
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2176

    The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.... Read more

    Affected Products : windows_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1911

    Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php.... Read more

    Affected Products : azdgdating
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2218

    SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.... Read more

    Affected Products : phpmywebhosting
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2273

    efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.... Read more

    Affected Products : effingerd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1879

    Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.... Read more

    Affected Products : phpkit
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2004-1896

    Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file.... Read more

    Affected Products : winamp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2295

    SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2213

    Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.... Read more

    Affected Products : mbedthis_appweb_http_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2198

    account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.... Read more

    Affected Products : duclassmate
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1869

    Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherl... Read more

    Affected Products : etherlords etherlords_ii
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1904

    Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.... Read more

    Affected Products : activescan
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2211

    Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5... Read more

    Affected Products : alivesites_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2254

    SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.... Read more

    Affected Products : surgeldap
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2306

    Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2197

    kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.... Read more

    Affected Products : kdocker
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2142

    Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors.... Read more

    Affected Products : sdd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2277

    Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response.... Read more

    Affected Products : agsm
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1891

    The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.... Read more

    Affected Products : irix
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2269

    Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability.... Read more

    Affected Products : pads
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293530 Results