Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-2403

    Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2719

    Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339.... Read more

    Affected Products : foxmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2716

    Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.... Read more

    Affected Products : phpmychat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2708

    Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1519

    SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.... Read more

    Affected Products : phpbugtracker
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1404

    Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.... Read more

    Affected Products : attachment_mod
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2414

    Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obt... Read more

    Affected Products : netware
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2128

    Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.... Read more

    Affected Products : webweaver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-2678

    Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2707

    Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2470

    Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.... Read more

    Affected Products : madbms
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2402

    Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1528

    The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.... Read more

    Affected Products : php-nuke_event_calendar
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2667

    Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2180

    Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.p... Read more

    Affected Products : wowbb_web_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2396

    passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2510

    Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.... Read more

    Affected Products : ubb.threads
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2710

    Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room stat... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2705

    Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.... Read more

    Affected Products : pvpgn
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2388

    rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.... Read more

    Affected Products : aix
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293304 Results