Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-1473

    Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1882

    Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.... Read more

    Affected Products : cactushop
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1883

    Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary c... Read more

    Affected Products : ws_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1937

    Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrar... Read more

    Affected Products : nuked-klan
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2107

    Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log ... Read more

    Affected Products : surfingate
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2004-2728

    Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.... Read more

    Affected Products : connectivity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2221

    Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.... Read more

    Affected Products : softcart
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2081

    The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.... Read more

    Affected Products : sami_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2140

    CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.... Read more

    Affected Products : yabb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2194

    MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2177

    Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : devoybb_web_forum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2157

    Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field.... Read more

    Affected Products : serendipity
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2185

    Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) Spe... Read more

    Affected Products : mediawiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2632

    phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1586

    Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.... Read more

    Affected Products : flash_messaging_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1512

    Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted in the resulting default error page.... Read more

    Affected Products : 04webserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1420

    Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.... Read more

    Affected Products : autopilot
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1584

    CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.... Read more

    Affected Products : wordpress
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1513

    04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.... Read more

    Affected Products : 04webserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2225

    Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.... Read more

    Affected Products : firefox
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293425 Results