Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.6

    LOW
    CVE-2005-0288

    The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.... Read more

    Affected Products : webseries_payment_application
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0097

    The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.... Read more

    Affected Products : squid
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0117

    Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field.... Read more

    Affected Products : xshisen
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1039

    The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a sepa... Read more

    Affected Products : unixware openserver
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0108

    Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.... Read more

    Affected Products : mod_auth_radius
    • Published: Jan. 11, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1272

    Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.... Read more

    Affected Products : filter
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1229

    Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1291

    Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer.... Read more

    Affected Products : qwik_smtpd
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1279

    Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.... Read more

    Affected Products : jpegtoavi
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1313

    The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.... Read more

    Affected Products : my_firewall_plus
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1218

    Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.... Read more

    Affected Products : remote_execute
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1266

    Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.... Read more

    Affected Products : csv2xml
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1301

    Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file.... Read more

    Affected Products : xlreader
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-1028

    Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.... Read more

    Affected Products : aix
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1168

    Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.... Read more

    Affected Products : maxdb
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1133

    Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resu... Read more

    Affected Products : w3who.dll
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1205

    codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.... Read more

    Affected Products : pntresmailer
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0914

    Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1119

    Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.... Read more

    Affected Products : winamp
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1202

    Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.... Read more

    Affected Products : phpcms
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294537 Results