Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-3721

    The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration.... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3718

    UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or exe... Read more

    Affected Products : f1000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3729

    Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html.... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3697

    Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php.... Read more

    Affected Products : uresk_links
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3720

    The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3699

    Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.... Read more

    Affected Products : opera_browser
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3723

    Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or caus... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3730

    Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3726

    SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter.... Read more

    Affected Products : articlelive_nx
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3717

    The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system.... Read more

    Affected Products : f1000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3719

    Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration.... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3727

    SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter.... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-3724

    Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.... Read more

    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3722

    The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.... Read more

    Affected Products : ip5000_voip_wifi_phone
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3728

    Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information.... Read more

    Affected Products : revize_cms
    • Published: Nov. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3695

    Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php in LiteSpeed Web Server 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the m parameter.... Read more

    Affected Products : litespeed_web_server
    • Published: Nov. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2709

    The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregister... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Nov. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3696

    SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php.... Read more

    Affected Products : arki-db
    • Published: Nov. 20, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3529

    tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to obtain the installation path via an invalid topics_sort_mode parameter, possibly related to an SQL injection vulnerability.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Nov. 20, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3530

    Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document.... Read more

    Affected Products : antville
    • Published: Nov. 20, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292913 Results