Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-4640

    SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters.... Read more

    Affected Products : poll_software
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4638

    index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowled... Read more

    Affected Products : supportsuite
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4726

    MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain.... Read more

    Affected Products : mute
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-4819

    Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4788

    resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."... Read more

    Affected Products : suse_linux
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4653

    Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument.... Read more

    Affected Products : al-caricatier
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2454

    IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.... Read more

    Affected Products : lotus_notes notes
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 1.7

    LOW
    CVE-2005-1976

    Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.... Read more

    Affected Products : netmail
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-4851

    eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.... Read more

    Affected Products : ez_publish
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4859

    mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat.... Read more

    Affected Products : mimicboard
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4709

    The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allow... Read more

    Affected Products : enterprise_java_beans
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4669

    SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.... Read more

    Affected Products : rt_internet_solutions_webadmin
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4632

    SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.... Read more

    Affected Products : vote_pro
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4626

    The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request.... Read more

    Affected Products : recruitment_software
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-2712

    The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.... Read more

    Affected Products : lotus_domino
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4750

    BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4775

    Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash.... Read more

    Affected Products : contineo
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4699

    Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter.... Read more

    Affected Products : tellme
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4675

    Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter.... Read more

    Affected Products : complete_php_counter
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4654

    Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is u... Read more

    Affected Products : oracle_for_openview
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293437 Results