Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4365

    Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.... Read more

    Affected Products : flip
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4355

    Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this inf... Read more

    Affected Products : ustore
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4360

    The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to... Read more

    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-4367

    Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later report... Read more

    Affected Products : drzes_hms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4358

    admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.... Read more

    Affected Products : phpbb
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-4363

    Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.... Read more

    Affected Products : komodo_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4366

    Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php... Read more

    Affected Products : drzes_hms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4356

    SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio... Read more

    Affected Products : ustore
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4354

    Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : webglimpse
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4353

    SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : toendacms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4350

    Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.... Read more

    Affected Products : wbem_services
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4349

    SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, sa... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-4345

    Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.... Read more

    Affected Products : coldfusion
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4346

    Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a ... Read more

    Affected Products : phpbb_blog
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4344

    Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.... Read more

    Affected Products : coldfusion
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4337

    The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a... Read more

    Affected Products : academic_suite
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4338

    announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".... Read more

    Affected Products : academic_suite
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4342

    ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox ... Read more

    Affected Products : coldfusion
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4339

    Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to anno... Read more

    Affected Products : academic_suite
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4341

    Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether th... Read more

    Affected Products : academic_suite
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292864 Results