Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4381

    Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.... Read more

    Affected Products : caravel_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-4363

    Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.... Read more

    Affected Products : komodo_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4354

    Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : webglimpse
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4356

    SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio... Read more

    Affected Products : ustore
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4366

    Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php... Read more

    Affected Products : drzes_hms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4358

    admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.... Read more

    Affected Products : phpbb
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4365

    Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.... Read more

    Affected Products : flip
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4360

    The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to... Read more

    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-4357

    Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.... Read more

    Affected Products : phpbb
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4359

    SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.... Read more

    Affected Products : odfaq
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4355

    Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this inf... Read more

    Affected Products : ustore
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4361

    Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.... Read more

    Affected Products : content_management_suite
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-4364

    Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.... Read more

    Affected Products : web_content_management_suite
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-4367

    Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later report... Read more

    Affected Products : drzes_hms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4362

    SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.... Read more

    Affected Products : komodo_cms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4350

    Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.... Read more

    Affected Products : wbem_services
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4353

    SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : toendacms
    • Published: Dec. 20, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4349

    SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, sa... Read more

    Affected Products : phpmyadmin
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-4345

    Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.... Read more

    Affected Products : coldfusion
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4346

    Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a ... Read more

    Affected Products : phpbb_blog
    • Published: Dec. 19, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293350 Results