Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-2452

    Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.... Read more

    Affected Products : cosminexus_portal_framework
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2413

    SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.... Read more

    Affected Products : vp-asp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2521

    Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).... Read more

    Affected Products : gattaca_server_2003
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2004-2728

    Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.... Read more

    Affected Products : connectivity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2524

    clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read th... Read more

    Affected Products : whm_autopilot
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2632

    phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2502

    im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.... Read more

    Affected Products : im-switch
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2628

    Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:... Read more

    Affected Products : thttpd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.0

    MEDIUM
    CVE-2004-2553

    The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.... Read more

    Affected Products : ignitionserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2500

    Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.... Read more

    Affected Products : ilohamail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2653

    Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.... Read more

    Affected Products : megabbs
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-2584

    frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a ... Read more

    Affected Products : smartermail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2157

    Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.... Read more

    Affected Products : serendipity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.4

    MEDIUM
    CVE-2004-2527

    The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Win... Read more

    Affected Products : windows_2003_server windows_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1534

    ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript.... Read more

    Affected Products : zonealarm
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2140

    CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2555

    Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local users to calculate the Administrator password if they k... Read more

    Affected Products : foolproof_security
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2597

    Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be trunc... Read more

    Affected Products : quake_ii_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2462

    cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file.... Read more

    Affected Products : cplay
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2377

    Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.... Read more

    Affected Products : omniswitch omniswitch_7800
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293557 Results