Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2004-1721

    The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.... Read more

    Affected Products : mail_server
    • Published: Aug. 17, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1722

    SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.... Read more

    Affected Products : mail_server
    • Published: Aug. 17, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1718

    The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.... Read more

    Affected Products : integrity_protection_driver
    • Published: Aug. 17, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-1719

    Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.h... Read more

    Affected Products : mail_server
    • Published: Aug. 17, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1737

    SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.... Read more

    Affected Products : linux cacti
    • Published: Aug. 16, 2004
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2004-1717

    Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.... Read more

    Affected Products : gv
    • Published: Aug. 16, 2004
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2004-1716

    Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.... Read more

    Affected Products : pforum
    • Published: Aug. 16, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1682

    Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.... Read more

    Affected Products : rtp
    • Published: Aug. 15, 2004
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2004-1714

    BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as de... Read more

    • Published: Aug. 11, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1715

    Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.... Read more

    Affected Products : mimesweeper_for_web
    • Published: Aug. 11, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1347

    X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.... Read more

    Affected Products : solaris sunos
    • Published: Aug. 10, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-1713

    Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.... Read more

    • Published: Aug. 10, 2004
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2004-1702

    The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers... Read more

    Affected Products : cfengine
    • Published: Aug. 09, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-1701

    Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.... Read more

    Affected Products : cfengine
    • Published: Aug. 09, 2004
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2004-0210

    The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.... Read more

    • Actively Exploited
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0125

    The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table.... Read more

    Affected Products : freebsd
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2004-0135

    The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory.... Read more

    Affected Products : irix
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0212

    Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Exp... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2004-0589

    Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.... Read more

    Affected Products : ios
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2004-0554

    Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a ... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025
Showing 20 of 294733 Results