Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-2818

    Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.... Read more

    Affected Products : downfile
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2820

    Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".... Read more

    Affected Products : sqwebmail
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2817

    Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious... Read more

    Affected Products : simple_machines_forum
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2819

    DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.... Read more

    Affected Products : downfile
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2816

    Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read... Read more

    Affected Products : greymatter_forum
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2807

    frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.... Read more

    Affected Products : frox
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2813

    Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2808

    frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.... Read more

    Affected Products : frox
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2811

    Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges.... Read more

    Affected Products : net-snmp
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2815

    print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) ... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2809

    silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.... Read more

    Affected Products : secure_internet_live_conferencing
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2812

    man2web allows remote attackers to execute arbitrary commands via -P arguments.... Read more

    Affected Products : man2web
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2810

    Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.... Read more

    Affected Products : urban
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2796

    The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.... Read more

    Affected Products : squid
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2814

    Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2794

    store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.... Read more

    Affected Products : squid
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2763

    Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.... Read more

    Affected Products : openttd
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2494

    kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.... Read more

    Affected Products : enterprise_linux kde
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2700

    ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended a... Read more

    Affected Products : ubuntu_linux debian_linux http_server
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2656

    Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.... Read more

    Affected Products : polygen
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results