Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-0811

    Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.... Read more

    Affected Products : http_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0806

    cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.... Read more

    Affected Products : cdrecord
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0369

    Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP p... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0090

    Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0951

    The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : hp-ux ignite-ux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0498

    The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.... Read more

    Affected Products : firewall_engine
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0567

    The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the computer name value in a WINS packet, which allows remote attac... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2380

    Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a .. (dot dot) in the attfile parameter.... Read more

    Affected Products : twilight_utilities_web_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2360

    Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent.... Read more

    Affected Products : battle_mages
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2437

    SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.... Read more

    Affected Products : php_fusion
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2407

    Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.... Read more

    Affected Products : phpgroupware
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2594

    Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".... Read more

    Affected Products : quake_ii_server_windows
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2126

    The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arb... Read more

    Affected Products : blackice_pc_protection
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2004-2154

    CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.... Read more

    Affected Products : cups ubuntu_linux ubuntu_linux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2720

    Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.... Read more

    Affected Products : snitz_forums_2000
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2004-2673

    Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a lo... Read more

    Affected Products : ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-2584

    frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a ... Read more

    Affected Products : smartermail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2653

    Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.... Read more

    Affected Products : megabbs
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2502

    im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.... Read more

    Affected Products : im-switch
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2524

    clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read th... Read more

    Affected Products : whm_autopilot
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293494 Results