Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2005-2254

    Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there... Read more

    Affected Products : phpauction
    • EPSS Score: %0.39
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2252

    PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.... Read more

    Affected Products : phpauction
    • EPSS Score: %0.57
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 6.4

    MEDIUM
    CVE-2005-2255

    Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.... Read more

    Affected Products : phpauction
    • EPSS Score: %0.26
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2251

    PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.... Read more

    Affected Products : phpsecurepages
    • EPSS Score: %4.29
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 2.6

    LOW
    CVE-2005-2271

    iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."... Read more

    Affected Products : icab
    • EPSS Score: %0.35
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2270

    Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %36.18
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2260

    The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerou... Read more

    Affected Products : firefox mozilla
    • EPSS Score: %3.73
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-2257

    The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.... Read more

    Affected Products : phpslash
    • EPSS Score: %1.19
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-2259

    The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote atta... Read more

    • EPSS Score: %3.55
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2216

    PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.... Read more

    Affected Products : photogal_photo_gallery
    • EPSS Score: %2.43
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2229

    Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password... Read more

    Affected Products : blog_torrent
    • EPSS Score: %3.26
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2245

    Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.... Read more

    Affected Products : tmos
    • EPSS Score: %0.85
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-2220

    Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: ... Read more

    Affected Products : dragonfly_commerce
    • EPSS Score: %0.45
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-2226

    Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.... Read more

    Affected Products : outlook_express
    • EPSS Score: %32.27
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2005-2247

    Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.... Read more

    Affected Products : moodle
    • EPSS Score: %0.45
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2005-2240

    xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.... Read more

    Affected Products : xpvm
    • EPSS Score: %0.10
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 4.6

    MEDIUM
    CVE-2005-2219

    Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.... Read more

    Affected Products : hosting_controller
    • EPSS Score: %0.26
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-2215

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.35
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 4.6

    MEDIUM
    CVE-2005-2232

    Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument.... Read more

    Affected Products : aix
    • EPSS Score: %0.33
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-2246

    Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.... Read more

    Affected Products : iphotoalbum
    • EPSS Score: %11.16
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291513 Results