Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2004-2290

    Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.... Read more

    Affected Products : windows_xp
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1501

    The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount o... Read more

    Affected Products : 602lan_suite
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2294

    Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous s... Read more

    Affected Products : php-nuke
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2263

    SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.... Read more

    Affected Products : playsms
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2356

    Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, which triggers a null pointer dereference.... Read more

    Affected Products : fizmez_web_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1504

    The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php... Read more

    Affected Products : jaf_cms
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1433

    Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card res... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1902

    The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information.... Read more

    Affected Products : metaframe_password_manager
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2021

    Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.... Read more

    Affected Products : oscommerce
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-2109

    Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL.... Read more

    Affected Products : q-shop
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2045

    The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.... Read more

    Affected Products : cadslr1_adsl_router
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-2240

    Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.... Read more

    Affected Products : phorum
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2004-2369

    Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-2015

    Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.... Read more

    Affected Products : webct
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2224

    Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1.... Read more

    Affected Products : message_foundry
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2235

    Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.... Read more

    Affected Products : moodle
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2366

    Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.... Read more

    Affected Products : secure_ftp_server
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-2104

    Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopServlet, (3) env.bas, or (4) lcgitest.nlm.... Read more

    Affected Products : netware
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1519

    SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.... Read more

    Affected Products : phpbugtracker
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1435

    Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number... Read more

    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results