Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-0298

    CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter.... Read more

    Affected Products : cesarftp
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0361

    The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.... Read more

    Affected Products : safari
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0332

    Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.... Read more

    Affected Products : extremail
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0262

    Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.... Read more

    Affected Products : the_palace_client
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0284

    Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%... Read more

    Affected Products : internet_explorer outlook ie
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0267

    The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust InoculateIT for Linux 6.0 allow local users to overwrite arbitrary files via a symlink attack on files in /tmp.... Read more

    Affected Products : inoculateit
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0599

    Multiple integer overflows in the (1) png_read_png in pngread.c or (2) png_handle_sPLT functions in pngrutil.c or (3) progressive display image reading capability in libpng 1.2.5 and earlier allow remote attackers to cause a denial of service (application... Read more

    Affected Products : libpng
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0329

    FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".... Read more

    Affected Products : freechat
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2004-0342

    WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a n... Read more

    Affected Products : wftpd_pro_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-0344

    Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.... Read more

    Affected Products : yabb
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0339

    Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.... Read more

    Affected Products : phpbb
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0335

    LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.... Read more

    Affected Products : 602pro_lan_suite
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0359

    Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters.... Read more

    Affected Products : invision_board
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0343

    Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.... Read more

    Affected Products : yabb
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0355

    Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message.... Read more

    Affected Products : invision_board
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0330

    Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.... Read more

    Affected Products : serv-u_file_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0356

    Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version.... Read more

    Affected Products : slmail_pro
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0316

    Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a denial of service (crash) via (1) a large GET request to port 1080 or (2) a large GET request of % characters to port 8080.... Read more

    Affected Products : avirt_soho
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0350

    SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring.... Read more

    Affected Products : spidersales
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0338

    SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.... Read more

    Affected Products : invision_board
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293588 Results