Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-0336

    LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.... Read more

    Affected Products : 602pro_lan_suite
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2004-0273

    Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.... Read more

    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0300

    SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.p... Read more

    Affected Products : store_kit
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0293

    Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.... Read more

    Affected Products : shopcartcgi
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0321

    Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory.... Read more

    Affected Products : team_factor
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0313

    Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.... Read more

    Affected Products : psoproxy_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0276

    The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.... Read more

    Affected Products : monkey
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0291

    SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.... Read more

    Affected Products : yabb
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0304

    SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.... Read more

    Affected Products : webstores_2000
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0256

    GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.... Read more

    Affected Products : libtool
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0312

    Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.... Read more

    Affected Products : wap55ag
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0280

    Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.... Read more

    Affected Products : resin
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0297

    Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag len... Read more

    Affected Products : imail
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0203

    Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.... Read more

    Affected Products : exchange_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0415

    Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.... Read more

    Affected Products : linux_kernel fedora_core secure_linux
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0333

    Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.... Read more

    Affected Products : winzip linux uudeview openpkg
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0340

    Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.... Read more

    Affected Products : wftpd
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0311

    American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.... Read more

    Affected Products : ap9606
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0348

    SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter.... Read more

    Affected Products : spidersales
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0112

    The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a craft... Read more

    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293428 Results