Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2005-3891

    Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the "imgcache\" string that is added to the end of the buffe... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2123

    Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images ... Read more

    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2005-2124

    Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafte... Read more

    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3893

    Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login ... Read more

    Affected Products : otrs
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3897

    Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.... Read more

    Affected Products : safari
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3886

    Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.... Read more

    Affected Products : security_agent
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3885

    The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.... Read more

    Affected Products : inkscape
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3879

    Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and... Read more

    Affected Products : resource_repository_script
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3876

    Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters.... Read more

    Affected Products : adc2000_ng_pro adc2000_ng_pro_lite
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3881

    SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.... Read more

    Affected Products : altantis_knowledge_base_software
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3870

    Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.... Read more

    Affected Products : edmobbs
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3874

    SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.... Read more

    Affected Products : netzbrett
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3882

    SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : faqring_knowledge_base_software
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3860

    PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.... Read more

    Affected Products : athena_php_website_administration
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-3878

    Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.... Read more

    Affected Products : php_doc_system
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3866

    Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.... Read more

    Affected Products : searchfeed_search_engine
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3867

    Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.... Read more

    Affected Products : revenuepilot_search_engine_script
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3864

    SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most re... Read more

    Affected Products : sourcewell
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3875

    Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.... Read more

    Affected Products : enterprise_connector
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3861

    PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.... Read more

    Affected Products : phpgreetz
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292800 Results