Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.2

    HIGH
    CVE-2005-4442

    Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH....

    Affected Products : openldap
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2005-4444

    Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long POP3 reply....

    Affected Products : pegasus_mail
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4447

    SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command inje...

    Affected Products : phpcoin
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4435

    Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from th...

    Affected Products : d-man
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4433

    Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Search field....

    Affected Products : esselbach_storyteller_cms
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4434

    Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party i...

    Affected Products : abledesign
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4438

    Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect va...

    Affected Products : antivirus dec2rar.dll
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.8

    HIGH
    CVE-2005-4439

    Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter....

    Affected Products : elogd
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4437

    MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS 11.3 and later, does not include the Message Authentication Code (MAC) in the checksum, which allows remote attackers to sniff message hashe...

    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.8

    HIGH
    CVE-2005-4436

    Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismat...

    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4430

    SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php....

    Affected Products : logicbill
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4432

    Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inject arbitrary web script or HTML via the err parameter....

    Affected Products : playsms
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4429

    SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php....

    Affected Products : cs-cart
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4431

    SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181....

    Affected Products : wowbb
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 7.8

    HIGH
    CVE-2005-4348

    fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers....

    Affected Products : fetchmail
    • Published: Dec. 21, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4428

    Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter....

    Affected Products : cerberus_helpdesk
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4427

    Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.ph...

    Affected Products : cerberus_helpdesk
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4410

    Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter....

    Affected Products : nqcontent
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-4409

    Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters....

    Affected Products : mmbase
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-4397

    SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter....

    Affected Products : icms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025