Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-2112

    Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.... Read more

    Affected Products : bremsserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1867

    Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field.... Read more

    Affected Products : fresh_guest_book
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2075

    Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.... Read more

    Affected Products : sophos_anti-virus
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2361

    Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0, allows remote attackers to cause a denial of service (crash) via a chat message with a large message size, which triggers an out-of-bounds read.... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2371

    Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, which allows remote attackers to cause a denial of service (... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2300

    Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is in... Read more

    Affected Products : ucd-snmp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2241

    Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the ven... Read more

    Affected Products : phorum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2378

    @Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.... Read more

    Affected Products : at_mail_webmail_system
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2219

    Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2474

    SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php.... Read more

    Affected Products : phpnews
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1887

    Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null).... Read more

    Affected Products : imgsvr
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2468

    Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : sillysearch
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2740

    PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.... Read more

    Affected Products : phprojekt
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2115

    Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.... Read more

    Affected Products : http_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2592

    Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when proces... Read more

    Affected Products : quake_ii_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-2745

    Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.... Read more

    Affected Products : ownserver
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2004-2476

    Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2045

    The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.... Read more

    Affected Products : cadslr1_adsl_router
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2114

    Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.... Read more

    Affected Products : proxynow
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2475

    Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol do... Read more

    Affected Products : toolbar
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293626 Results