Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2004-1224

    Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.... Read more

    Affected Products : mtr
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1231

    Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1215

    Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error.... Read more

    Affected Products : kreed
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1213

    Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.... Read more

    Affected Products : advanced_guestbook
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1206

    Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.... Read more

    Affected Products : pntresmailer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1205

    codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.... Read more

    Affected Products : pntresmailer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1203

    parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.... Read more

    Affected Products : phpcms
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1207

    The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests... Read more

    Affected Products : seriousengine
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1216

    The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the se... Read more

    Affected Products : kreed
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1202

    Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : phpcms
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1290

    Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file.... Read more

    Affected Products : pgn2web
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1255

    Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF.... Read more

    Affected Products : 2fax
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1309

    Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.... Read more

    Affected Products : unix_mplayer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0568

    HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious Hyper... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1292

    Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file.... Read more

    Affected Products : ringtonetools
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0287

    Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.... Read more

    Affected Products : webseries_payment_application
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1277

    The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.... Read more

    Affected Products : iglooftp
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1271

    Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file.... Read more

    Affected Products : dxf_file_format_viewer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1298

    Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file.... Read more

    Affected Products : vb2c
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1286

    Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.... Read more

    Affected Products : napshare
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293975 Results