Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-4207

    SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields.... Read more

    Affected Products : admin_webcontroller_script
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2005-4191

    Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist's name or (2) description,... Read more

    Affected Products : nag_task_list_manager_h3
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4193

    Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.... Read more

    Affected Products : usebb
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4204

    Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct fro... Read more

    Affected Products : logisphere
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4201

    Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.... Read more

    Affected Products : my_album_online
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4196

    Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResour... Read more

    Affected Products : scout_portal_toolkit
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-4203

    LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original re... Read more

    Affected Products : logisphere
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4178

    Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.... Read more

    Affected Products : debian_linux dropbear_ssh
    • Published: Dec. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4177

    Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.... Read more

    • Published: Dec. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4168

    Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4172

    eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4170

    SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4171

    The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4173

    eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4167

    Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4166

    Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.... Read more

    Affected Products : duportal_pro
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4174

    eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or t... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4176

    AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.... Read more

    Affected Products : award_bios_modular
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4175

    Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.... Read more

    Affected Products : insyde_bios
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4165

    Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in searc... Read more

    Affected Products : asp_resources_forum
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293351 Results