Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-4521

    CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.ph... Read more

    Affected Products : mantis
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-4532

    scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid applic... Read more

    Affected Products : scponly
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-4525

    SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch.... Read more

    Affected Products : protection_agent
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4529

    The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors.... Read more

    Affected Products : chatspot
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4522

    Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.... Read more

    Affected Products : mantis
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-4530

    Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) s... Read more

    Affected Products : epay
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4523

    Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : mantis
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4519

    Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_p... Read more

    Affected Products : mantis
    • Published: Dec. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3343

    tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : tkdiff
    • Published: Dec. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3341

    DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.... Read more

    Affected Products : dns_package
    • Published: Dec. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3535

    Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.... Read more

    Affected Products : ketm
    • Published: Dec. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4509

    SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.... Read more

    Affected Products : ptools
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4512

    Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.... Read more

    Affected Products : waxtrapp
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4513

    Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keywords parameter.... Read more

    Affected Products : e-search
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4514

    The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that... Read more

    Affected Products : csm_appliance_suite
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-4511

    Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls.... Read more

    Affected Products : tn3270_resource_gateway
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4510

    Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.... Read more

    Affected Products : netpublish_server
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4515

    SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database ... Read more

    Affected Products : webdb
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-4505

    Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts t... Read more

    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4508

    Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file.... Read more

    Affected Products : dev_hound
    • Published: Dec. 23, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293355 Results