Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-2261

    Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.... Read more

    Affected Products : e107
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2562

    SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : web_helpdesk
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2619

    ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.... Read more

    Affected Products : ripmime
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2586

    Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter.... Read more

    Affected Products : smartermail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2566

    Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-2633

    Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.... Read more

    Affected Products : sesame_rdf_container
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2613

    Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc... Read more

    Affected Products : linux-vserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2651

    Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html.... Read more

    Affected Products : yacy
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2664

    John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.... Read more

    Affected Products : adodb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2588

    Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application.... Read more

    Affected Products : xmb_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2635

    An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.... Read more

    Affected Products : security_installer_control_system
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2239

    Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.... Read more

    Affected Products : vpopmail_\(vchkpw\)
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2176

    The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.... Read more

    Affected Products : windows_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-2652

    The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null der... Read more

    Affected Products : snort
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2680

    mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.... Read more

    Affected Products : mod_python
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.9

    MEDIUM
    CVE-2004-2698

    Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.... Read more

    Affected Products : imwheel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2595

    Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argume... Read more

    Affected Products : quake_ii_server_linux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2604

    Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter.... Read more

    Affected Products : phproxy
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2636

    TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.... Read more

    Affected Products : tinyweb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2654

    The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a r... Read more

    Affected Products : squid
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293352 Results