Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2005-3981

    NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProces... Read more

    • Published: Dec. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3984

    SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.... Read more

    Affected Products : webcalendar
    • Published: Dec. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3971

    Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.... Read more

    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-3974

    Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.... Read more

    Affected Products : drupal
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3979

    relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request... Read more

    Affected Products : coppermine_photo_gallery
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3972

    Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : extreme_search
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3970

    Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : mxchange
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3977

    Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module.... Read more

    Affected Products : qualityppc
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3978

    Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCa... Read more

    Affected Products : netclassifieds
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3969

    SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : mxchange
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3967

    Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.... Read more

    Affected Products : confluence
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3966

    Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : java_search_engine
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3973

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter us... Read more

    Affected Products : drupal
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3976

    SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.... Read more

    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-3975

    Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed b... Read more

    Affected Products : drupal
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3968

    SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.... Read more

    Affected Products : phpx
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3964

    Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.... Read more

    Affected Products : openmotif
    • Published: Dec. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3963

    SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.... Read more

    Affected Products : dotclear
    • Published: Dec. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3962

    Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer ... Read more

    Affected Products : perl
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3959

    Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before bein... Read more

    Affected Products : freewebstat
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292795 Results