Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-2164

    shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).... Read more

    Affected Products : vp-asp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2709

    Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1902

    The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.... Read more

    Affected Products : metaframe_password_manager
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2719

    Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339.... Read more

    Affected Products : foxmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2716

    Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.... Read more

    Affected Products : phpmychat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2109

    Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.... Read more

    Affected Products : q-shop
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-2383

    Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2708

    Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2707

    Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1666

    Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.... Read more

    Affected Products : trillian
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2710

    Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room stat... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2705

    Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.... Read more

    Affected Products : pvpgn
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2104

    Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.... Read more

    Affected Products : netware
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2701

    Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.... Read more

    Affected Products : aspdotnetstorefront
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2385

    EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.... Read more

    Affected Products : emu_webmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2168

    BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3).... Read more

    Affected Products : basomail_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2004-2713

    Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, wh... Read more

    Affected Products : zonealarm
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1906

    Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.... Read more

    Affected Products : freescan
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 8.5

    HIGH
    CVE-2004-2690

    Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.... Read more

    Affected Products : newsphp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2689

    NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.... Read more

    Affected Products : newsphp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293642 Results