Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-3143

    Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2.... Read more

    Affected Products : webstar
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3147

    StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.... Read more

    Affected Products : suse_linux storebackup
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3139

    Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.... Read more

    Affected Products : bugzilla
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3140

    Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes.... Read more

    Affected Products : netforce_800_firmware netforce_800
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0023

    gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.... Read more

    Affected Products : libvte4 libzvt2
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2961

    Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.... Read more

    Affected Products : prozilla_download_accelerator
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2758

    Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.... Read more

    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3137

    The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.... Read more

    Affected Products : cfengine
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2960

    cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.... Read more

    Affected Products : debian_linux cfengine
    • Published: Oct. 05, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3128

    Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.... Read more

    Affected Products : address_add_plugin
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3133

    Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.htm... Read more

    Affected Products : web_mail mail_server
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3136

    Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename.... Read more

    Affected Products : web_player
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-3129

    Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php.... Read more

    Affected Products : serendipity
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3127

    Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.... Read more

    Affected Products : lucidcms
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3131

    Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the create... Read more

    Affected Products : web_mail mail_server
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3130

    SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers to execute arbitrary SQL commands via the login field.... Read more

    Affected Products : lucidcms
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3135

    Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename.... Read more

    Affected Products : web_player
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3132

    MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to bwlist_inc.html, which reveals the path in an error message.... Read more

    Affected Products : web_mail mail_server
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3134

    Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName).... Read more

    Affected Products : metaframe
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2804

    Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key.... Read more

    Affected Products : groupwise
    • Published: Oct. 04, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292811 Results