Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2004-2298

    Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential b... Read more

    Affected Products : netmail internet_messaging_system
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2313

    Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.... Read more

    Affected Products : sqwebmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1585

    Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.... Read more

    Affected Products : flash_messaging
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2268

    PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.... Read more

    Affected Products : pimengest2
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2323

    DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.... Read more

    Affected Products : dotnetnuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2348

    Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain variants of the Beagle/Bagle worm.... Read more

    Affected Products : antigen
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1577

    index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.... Read more

    Affected Products : phplinks
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2296

    The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2338

    OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.... Read more

    Affected Products : openbsd
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2350

    SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.... Read more

    Affected Products : phpbb
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1581

    BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.... Read more

    Affected Products : blackboard
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1545

    UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.... Read more

    Affected Products : moniwiki
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1566

    Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.... Read more

    Affected Products : silent-storm_portal
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2316

    Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.... Read more

    Affected Products : mbedthis_appweb_http_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2335

    The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain ... Read more

    Affected Products : contribute studio
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1515

    SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.... Read more

    Affected Products : vbulletin
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-2329

    Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.... Read more

    Affected Products : personal_firewall
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2342

    ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa".... Read more

    Affected Products : chatterbox
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2355

    Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.... Read more

    Affected Products : crafty_syntax_live_help
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2310

    Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results