Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2008-1116

    Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngin...

    Affected Products : rising_web_scan_object
    • EPSS Score: 6.93%
    • Published: Mar. 03, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-2551

    The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set...

    Affected Products : instant_messenger
    • EPSS Score: 85.10%
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-2635

    Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow remote FTP and WebDAV servers to create or overwrite arbitrary files via a .. (dot dot) in (1) a response to a LIST command from the BitKinex FTP client and (2) a response to a PROPFIND ...

    Affected Products : bitkinex
    • EPSS Score: 0.15%
    • Published: Jun. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-2702

    Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: t...

    Affected Products : alftp
    • EPSS Score: 6.34%
    • Published: Jun. 13, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-2894

    Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345....

    Affected Products : nch_software_classic_ftp
    • EPSS Score: 2.48%
    • Published: Jun. 27, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-3024

    Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/....

    Affected Products : qnx_momentics
    • EPSS Score: 1.48%
    • Published: Jul. 07, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-3239

    Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFI...

    Affected Products : phpizabi
    • EPSS Score: 5.56%
    • Published: Jul. 21, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-3733

    Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element....

    Affected Products : eo-video
    • EPSS Score: 19.32%
    • Published: Aug. 20, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-3957

    The Microsoft Windows Image Acquisition Logger ActiveX control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the...

    Affected Products : windows_image_acquisition_logger
    • EPSS Score: 33.27%
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-4396

    Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data....

    Affected Products : filealyzer
    • EPSS Score: 4.21%
    • Published: Oct. 02, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-4434

    Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .tor...

    Affected Products : utorrent bittorrent
    • EPSS Score: 22.29%
    • Published: Oct. 03, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-4547

    Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method....

    Affected Products : dvrstation_cms
    • EPSS Score: 12.37%
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-4719

    PHP remote file inclusion vulnerability in cms/classes/openengine/filepool.php in openEngine 2.0 beta2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter, a different vector tha...

    Affected Products : openengine
    • EPSS Score: 1.01%
    • Published: Oct. 23, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5089

    Multiple insecure method vulnerabilities in the DDActiveReportsViewer2.ARViewer2 ActiveX control (arview2.ocx) in Data Dynamics ActiveReports 2.5.0.1314 allow remote attackers to overwrite arbitrary files via a call to the (1) Pages.Save, (2) PrintReport,...

    Affected Products : activereports
    • EPSS Score: 0.86%
    • Published: Nov. 14, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-4391

    Stack-based buffer overflow in the SetSource method in the NetCamPlayerWeb11gv2 ActiveX control in NetCamPlayerWeb11gv2.ocx on the Cisco Linksys WVC54GC wireless video camera before firmware 1.25 allows remote attackers to execute arbitrary code via long ...

    Affected Products : wvc54gc
    • EPSS Score: 5.23%
    • Published: Dec. 09, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5406

    Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one ov...

    Affected Products : itunes quicktime
    • EPSS Score: 6.12%
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5409

    Unspecified vulnerability in the pdf.xmd module in (1) BitDefender Free Edition 10 and Antivirus Standard 10, (2) BullGuard Internet Security 8.5, and (3) Software602 Groupware Server 6.0.08.1118 allows remote attackers to cause a denial of service (appli...

    • EPSS Score: 21.88%
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5492

    Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these detail...

    Affected Products : verydoc_pdf_viewer
    • EPSS Score: 70.18%
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5521

    Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (...

    Affected Products : internet_explorer antivir
    • EPSS Score: 0.29%
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5523

    avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, ...

    Affected Products : internet_explorer avast_antivirus
    • EPSS Score: 0.31%
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292512 Results