Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2004-1328

    Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1179

    The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.... Read more

    Affected Products : debmake
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2447

    Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5... Read more

    Affected Products : 1st_class_mail_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2453

    Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.... Read more

    Affected Products : tutti_nova
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2457

    Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic.... Read more

    Affected Products : 3crwe754g72-a
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2463

    Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of service (web server crash) or execute arbitrary code via a long GET request.... Read more

    Affected Products : imgsvr
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2464

    Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read arbitrary files or list directories via hex-encoded "..//" sequences ("%2e%2e%2f%2f"). NOTE: it was later reported that 0.6.21 and earlier is also affected... Read more

    Affected Products : imgsvr
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1141

    The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.... Read more

    Affected Products : ethereal
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2470

    Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.... Read more

    Affected Products : madbms
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2744

    Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."... Read more

    Affected Products : mailing_list_manager
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2741

    Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.... Read more

    Affected Products : application_framework
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2742

    Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.... Read more

    Affected Products : crystal_enterprise
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1540

    ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.... Read more

    Affected Products : prestige zynos
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2274

    Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.... Read more

    Affected Products : jigsaw
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2282

    DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.... Read more

    Affected Products : dansguardian
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2437

    SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.... Read more

    Affected Products : php_fusion
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2407

    Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.... Read more

    Affected Products : phpgroupware
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2380

    Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a .. (dot dot) in the attfile parameter.... Read more

    Affected Products : twilight_utilities_web_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1494

    Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string.... Read more

    Affected Products : xdict
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1546

    Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.... Read more

    Affected Products : mdaemon
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293280 Results