Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-2709

    Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.... Read more

    Affected Products : gyach_enhanced
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1543

    Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.... Read more

    Affected Products : korweblog
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2385

    EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.... Read more

    Affected Products : emu_webmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2718

    PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.... Read more

    Affected Products : phpmychat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.4

    MEDIUM
    CVE-2004-2729

    Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.... Read more

    Affected Products : connectivity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2004-2678

    Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1548

    Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename.... Read more

    Affected Products : activepost_standard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2715

    edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.... Read more

    Affected Products : phpmychat
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2668

    SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : interchange
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2371

    Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, which allows remote attackers to cause a denial of service (... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2535

    The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.... Read more

    Affected Products : sticker
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1544

    Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.... Read more

    Affected Products : jspwiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2667

    Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2497

    Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary ... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2528

    Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.... Read more

    Affected Products : webcam_watchdog
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-2495

    The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.... Read more

    Affected Products : ability_mail_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2422

    Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.... Read more

    Affected Products : imail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2004-1569

    Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.0

    MEDIUM
    CVE-2004-2714

    Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.... Read more

    Affected Products : windowmaker
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2498

    Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory str... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293681 Results