Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2005-3164

    The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, whic... Read more

    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3171

    Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system admi... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3177

    CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors d... Read more

    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3158

    SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-200... Read more

    Affected Products : php_fusion
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3176

    Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3170

    The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that t... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3174

    Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3169

    Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could a... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3175

    Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.... Read more

    Affected Products : windows_2000
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3160

    Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.... Read more

    Affected Products : php_fusion
    • Published: Oct. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3154

    Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.... Read more

    Affected Products : bitdefender
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3155

    Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.... Read more

    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3156

    Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal.... Read more

    Affected Products : easyguppy
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3153

    login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but inje... Read more

    Affected Products : mybloggie
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3150

    Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames.... Read more

    Affected Products : weex
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3151

    Buffer overflow in blenderplay in Blender Player 2.37a allows attackers to execute arbitrary code via a long command line argument.... Read more

    Affected Products : blender
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3152

    Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. ... Read more

    Affected Products : cubecart
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3149

    Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.... Read more

    Affected Products : uim
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-3148

    StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership.... Read more

    Affected Products : suse_linux storebackup
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3141

    Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ.... Read more

    Affected Products : trillian
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292797 Results