Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-1786

    PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb.... Read more

    Affected Products : portalapp
    • Published: Jan. 04, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1784

    Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.... Read more

    Affected Products : webcam_watchdog
    • Published: Jan. 03, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1785

    SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.... Read more

    Affected Products : invision_board
    • Published: Jan. 03, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1371

    Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.... Read more

    Affected Products : nuked-klan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1304

    EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive database information via a direct request.... Read more

    Affected Products : productcart
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1239

    Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter.... Read more

    Affected Products : wihphoto
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2003-1510

    TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.... Read more

    Affected Products : tinyweb
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1307

    The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming con... Read more

    Affected Products : http_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1414

    Directory traversal vulnerability in parse_xml.cg Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1450

    BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.... Read more

    Affected Products : bitchx
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2003-1401

    login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.... Read more

    Affected Products : php_board
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1375

    Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1523

    SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.... Read more

    Affected Products : dbmail
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2003-1501

    Directory traversal vulnerability in the file upload CGI of Gast Arbeiter 1.3 allows remote attackers to write arbitrary files via a .. (dot dot) in the req_file parameter.... Read more

    Affected Products : gast_arbeiter
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2003-1448

    Memory leak in the Windows 2000 kernel allows remote attackers to cause a denial of service (SMB request hang) via a NetBIOS continuation packet.... Read more

    Affected Products : windows_2000
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1153

    byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php.... Read more

    Affected Products : bytehoard
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1339

    Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and ... Read more

    Affected Products : ezmeeting
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1306

    Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header ... Read more

    Affected Products : urlscan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1455

    Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.... Read more

    Affected Products : pptp_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1467

    Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : linux_kernel phorum all_windows unix
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293534 Results