Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-4680

    Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.... Read more

    Affected Products : sophos_anti-virus
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4637

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields... Read more

    Affected Products : supportsuite
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-2465

    Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.... Read more

    Affected Products : pc-experience toppe_cms
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4854

    eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.... Read more

    Affected Products : ez_publish
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2005-4844

    The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.... Read more

    Affected Products : internet_explorer
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4741

    NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.... Read more

    Affected Products : netbsd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4829

    VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.... Read more

    Affected Products : virtuemart
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4673

    ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.... Read more

    Affected Products : ioftpd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4738

    IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.... Read more

    Affected Products : db2_universal_database
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-4762

    BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4817

    Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw functio... Read more

    Affected Products : tmsnc
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4787

    Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disput... Read more

    Affected Products : sunshop_shopping_cart
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.1

    MEDIUM
    CVE-2005-4826

    Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue th... Read more

    Affected Products : ios
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2005-4855

    Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certai... Read more

    Affected Products : ez_publish
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4846

    Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.... Read more

    Affected Products : spey
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4729

    SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.... Read more

    Affected Products : vbzoom
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4719

    Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid p... Read more

    Affected Products : systems_panel
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4683

    PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) mi... Read more

    Affected Products : migrationtools
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4674

    Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter.... Read more

    Affected Products : complete_php_counter
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4600

    Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.... Read more

    Affected Products : tinymce_compressor_php
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293350 Results