Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-1647

    Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.... Read more

    Affected Products : gurgens_guest_book
    • EPSS Score: %1.02
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1663

    Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://".... Read more

    Affected Products : jeuce_personal_web_server
    • EPSS Score: %1.43
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1649

    The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address ... Read more

    Affected Products : windows_2003_server windows_xp
    • EPSS Score: %15.94
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1666

    Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed b... Read more

    Affected Products : orenosv_http_ftp_server
    • EPSS Score: %23.91
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1660

    HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.... Read more

    Affected Products : ezguestbook
    • EPSS Score: %1.02
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1646

    The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypas... Read more

    Affected Products : netfile_ftp_web_server
    • EPSS Score: %0.43
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1655

    AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.... Read more

    Affected Products : instant_messenger
    • EPSS Score: %3.39
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1659

    Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.... Read more

    Affected Products : myserver
    • EPSS Score: %0.40
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1658

    Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).... Read more

    Affected Products : myserver
    • EPSS Score: %0.22
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1652

    message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.... Read more

    Affected Products : postmaster
    • EPSS Score: %0.57
    • Published: May. 18, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1640

    mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass i... Read more

    Affected Products : ignitionserver
    • EPSS Score: %0.17
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1633

    Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, 2) year parameter to (jgs_portal_statistik.php, 3) year parame... Read more

    Affected Products : jgs-portal
    • EPSS Score: %0.31
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1642

    SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.... Read more

    Affected Products : burning_board
    • EPSS Score: %0.51
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1643

    The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read.... Read more

    Affected Products : zoidcom
    • EPSS Score: %0.54
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1264

    Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.05
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1634

    Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.p... Read more

    Affected Products : jgs-portal
    • EPSS Score: %0.30
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1307

    The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts f... Read more

    Affected Products : mac_os_x version_cue
    • EPSS Score: %0.67
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1626

    Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.... Read more

    Affected Products : pico_server
    • EPSS Score: %1.18
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1629

    SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.... Read more

    Affected Products : photopost_php_pro
    • EPSS Score: %0.29
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1589

    The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space acce... Read more

    Affected Products : linux_kernel enterprise_linux
    • EPSS Score: %0.14
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291739 Results