Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-1947

    The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an... Read more

    Affected Products : bitdefender
    • Published: Apr. 19, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1942

    The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map suc... Read more

    Affected Products : solaris patch_manager
    • Published: Apr. 19, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1035

    The default installation of SAP R/3 46C/D allows remote attackers to bypass account locking by using the RFC API instead of the SAPGUI to conduct a brute force password guessing attack, which does not lock out the account like the SAPGUI does.... Read more

    Affected Products : sapgui sap_r_3
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1039

    Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.... Read more

    Affected Products : mysap_business_suite
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1036

    Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.... Read more

    Affected Products : internet_transaction_server
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0514

    Apple Safari allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Safari to send the cookie outside the specified URL subsets, e.g. t... Read more

    Affected Products : safari
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0202

    The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : metrics
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-0364

    The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.... Read more

    Affected Products : norton_internet_security
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2002-1579

    SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an "unknown connection data" error.... Read more

    Affected Products : sapgui
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0594

    Mozilla allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Mozilla to send the cookie outside the specified URL subsets, e.g. to a ... Read more

    Affected Products : mozilla
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-0111

    gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.... Read more

    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1935

    Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.... Read more

    Affected Products : campus_pipeline
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0257

    Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.... Read more

    Affected Products : aix
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.0

    HIGH
    CVE-2004-0217

    The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log.... Read more

    Affected Products : linux antivirus_scan_engine
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1034

    The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserver programs with world-writable permissions, which allows local users to gain privileges by modifying those programs.... Read more

    Affected Products : sap_db
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1038

    The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.... Read more

    Affected Products : internet_transaction_server
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1037

    Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."... Read more

    Affected Products : internet_transaction_server
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2004-0108

    The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.... Read more

    Affected Products : propack sysstat sysstat
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0148

    wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.... Read more

    Affected Products : propack wu-ftpd
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1934

    PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter.... Read more

    Affected Products : gemitel
    • Published: Apr. 15, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 293656 Results