Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2005-3366

    PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue a... Read more

    Affected Products : php_icalendar
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3375

    Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a sa... Read more

    Affected Products : ikarus_antivirus
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3382

    Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be ... Read more

    Affected Products : sophos_anti-virus
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3381

    Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, wh... Read more

    Affected Products : una
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3379

    Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magi... Read more

    Affected Products : officescan pc-cillin_2005
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3384

    SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.... Read more

    Affected Products : techno_dreams_guest_book
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3365

    Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3... Read more

    Affected Products : dcp-portal
    • Published: Oct. 30, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2930

    Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulne... Read more

    Affected Products : chm_lib
    • Published: Oct. 28, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3361

    Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.... Read more

    Affected Products : flatnuke
    • Published: Oct. 28, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2973

    The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).... Read more

    Affected Products : linux_kernel
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3246

    Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.... Read more

    Affected Products : ethereal
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3334

    Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 p... Read more

    Affected Products : flyspray
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3242

    Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.... Read more

    Affected Products : ethereal
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3319

    The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or Vi... Read more

    Affected Products : php
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3325

    Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products... Read more

    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3321

    chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modi... Read more

    Affected Products : suse_linux suse_linux
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3326

    SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.... Read more

    Affected Products : mybulletinboard
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3330

    The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, ... Read more

    Affected Products : snoopy
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3317

    Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly hand... Read more

    Affected Products : zipgenius
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3323

    docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.... Read more

    Affected Products : debian_linux zope
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292835 Results