Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0249

    PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.... Read more

    Affected Products : phpx
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0274

    Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.... Read more

    Affected Products : eggdrop_irc_bot
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0295

    TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.... Read more

    Affected Products : broker_ftp_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0290

    Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.... Read more

    Affected Products : purge purge_jihad
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0279

    AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log.... Read more

    Affected Products : aim_sniff
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0254

    Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.... Read more

    Affected Products : discuz
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0288

    Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document.... Read more

    Affected Products : mnogosearch
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0239

    SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.... Read more

    Affected Products : photopost_php_pro
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0246

    Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.... Read more

    Affected Products : les_commentaires
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0289

    Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to cause a denial of service (segmentation fault) via a database file that contains a large key parameter.... Read more

    Affected Products : signaturedb
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0636

    Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.... Read more

    Affected Products : instant_messenger
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0332

    Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.... Read more

    Affected Products : extremail
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0297

    Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag len... Read more

    Affected Products : imail
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0280

    Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.... Read more

    Affected Products : resin
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0256

    GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.... Read more

    Affected Products : libtool
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0283

    Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/mailmgr.unsort, (2) /tmp/mailmgr.tmp, or (3) /tmp/mailmgr.sort.... Read more

    Affected Products : mailmgr
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0275

    SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.... Read more

    Affected Products : bosdates
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0337

    Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bu... Read more

    Affected Products : 602pro_lan_suite
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-0310

    Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url.... Read more

    Affected Products : livejournal
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0286

    Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.... Read more

    Affected Products : robotftp_server
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294267 Results