Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-2617

    Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.... Read more

    Affected Products : pegasi_web_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1790

    Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.... Read more

    Affected Products : full_rate_adsl_router
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-2616

    The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.... Read more

    Affected Products : activepost_standard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2121

    Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.... Read more

    Affected Products : web_server_for_corel_paradox
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2615

    The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have o... Read more

    Affected Products : cutenews
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2216

    Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2011

    msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due to missing portions of the URI.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-2013

    Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory.... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1521

    Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers.... Read more

    Affected Products : eudora
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2146

    CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.... Read more

    Affected Products : megabbs
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2222

    Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter.... Read more

    Affected Products : fsphpgallery
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2706

    Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2248

    Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."... Read more

    Affected Products : remoteeditor
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2152

    Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : mediawiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1796

    PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.... Read more

    Affected Products : hotnews
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1757

    BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1561

    Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.... Read more

    Affected Products : icecast
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1951

    xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.... Read more

    Affected Products : xine-lib xine xine-ui
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1332

    Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2209

    SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : idealbb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293513 Results