Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2004-2063

    Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.... Read more

    Affected Products : antiboard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2348

    Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm.... Read more

    Affected Products : antigen
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2323

    DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.... Read more

    Affected Products : dotnetnuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-2125

    Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2342

    ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa".... Read more

    Affected Products : chatterbox
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2268

    PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.... Read more

    Affected Products : pimengest2
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2095

    Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.... Read more

    Affected Products : honeyd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2186

    SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.... Read more

    Affected Products : mediawiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2163

    login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1891

    The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.... Read more

    Affected Products : irix
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2212

    SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter.... Read more

    Affected Products : alivesites_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2151

    Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.... Read more

    Affected Products : chatman
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2313

    Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.... Read more

    Affected Products : sqwebmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2199

    Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.... Read more

    Affected Products : duclassified
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2270

    Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.... Read more

    Affected Products : parallel_environment
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2298

    Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential b... Read more

    Affected Products : netmail internet_messaging_system
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2184

    Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.... Read more

    Affected Products : yak
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-2258

    Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.... Read more

    Affected Products : exceed
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2252

    The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.... Read more

    Affected Products : astaro_security_linux
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2156

    Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.... Read more

    Affected Products : online_recruitment_agency
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293260 Results