Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-3969

    SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : mxchange
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3967

    Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.... Read more

    Affected Products : confluence
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3970

    Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : mxchange
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-3974

    Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.... Read more

    Affected Products : drupal
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3979

    relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 beta is not removed after installation and does not use authentication, which allows remote attackers to obtain sensitive information, such as database configuration, via a direct request... Read more

    Affected Products : coppermine_photo_gallery
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3971

    Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.... Read more

    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3966

    Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : java_search_engine
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3976

    SQL injection vulnerability in type.asp, as used in multiple DUware products including (1) DUamazon 3.1, (2) DUarticle 1.1, (3) DUclassified 4.2, (4) DUdirectory 3.1 and DUdirectory Pro 3.0 and 3.0 SQL, (5) DUdownload 1.1, (6) DUgallery 3.3, (7) DUnews 1.... Read more

    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3972

    Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.... Read more

    Affected Products : extreme_search
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-3975

    Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed b... Read more

    Affected Products : drupal
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3973

    Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter us... Read more

    Affected Products : drupal
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3968

    SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.... Read more

    Affected Products : phpx
    • Published: Dec. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3964

    Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.... Read more

    Affected Products : openmotif
    • Published: Dec. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3963

    SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.... Read more

    Affected Products : dotclear
    • Published: Dec. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3962

    Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer ... Read more

    Affected Products : perl
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3933

    SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.... Read more

    Affected Products : 88script_event_calendar
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3932

    SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter.... Read more

    Affected Products : o-kiraku_nikki
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3959

    Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before bein... Read more

    Affected Products : freewebstat
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3948

    Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.... Read more

    Affected Products : phpalbum
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3954

    Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.... Read more

    Affected Products : blogbuddies
    • Published: Dec. 01, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results