Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-1299

    Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page.... Read more

    Affected Products : vilistextum
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1152

    Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.... Read more

    Affected Products : acrobat_reader
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1110

    The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.... Read more

    Affected Products : linux mtink
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0571

    Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a ... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1019

    The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and ... Read more

    Affected Products : php ubuntu_linux secure_linux openpkg
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1269

    lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.... Read more

    Affected Products : cups fedora_core
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1022

    Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from with... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1215

    Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error.... Read more

    Affected Products : kreed
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1168

    Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.... Read more

    Affected Products : maxdb
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.6

    MEDIUM
    CVE-2004-1193

    Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.... Read more

    Affected Products : prevx_home
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1194

    Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname.... Read more

    Affected Products : star_wars_battlefront
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1205

    codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.... Read more

    Affected Products : pntresmailer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1202

    Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : phpcms
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1216

    The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the se... Read more

    Affected Products : kreed
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1207

    The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests... Read more

    Affected Products : seriousengine
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1203

    parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.... Read more

    Affected Products : phpcms
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1206

    Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.... Read more

    Affected Products : pntresmailer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1213

    Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.... Read more

    Affected Products : advanced_guestbook
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1231

    Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-1224

    Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.... Read more

    Affected Products : mtr
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294157 Results