Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-2842

    Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.... Read more

    Affected Products : mini_remote_control_server
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2858

    The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol 7.0 allows remote attackers to read the Windows Address Book via the FullAddressBook method.... Read more

    Affected Products : bol
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2860

    Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.... Read more

    Affected Products : nikto
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2861

    Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly inj... Read more

    Affected Products : n-stealth
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2845

    Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.... Read more

    Affected Products : ariba_spend_management_solutions
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2020

    Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.... Read more

    Affected Products : 3c15100d
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2857

    Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).... Read more

    Affected Products : free_smtp_server
    • Published: Sep. 08, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2840

    Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Sta... Read more

    Affected Products : md-pro
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2839

    Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php.... Read more

    Affected Products : md-pro
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2836

    Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," w... Read more

    Affected Products : phorum
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2838

    SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.... Read more

    Affected Products : mybloggie
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2837

    Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.... Read more

    Affected Products : webgui
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2816

    Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read... Read more

    Affected Products : greymatter_forum
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2819

    DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php.... Read more

    Affected Products : downfile
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2820

    Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".... Read more

    Affected Products : sqwebmail
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2817

    Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious... Read more

    Affected Products : simple_machines_forum
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2818

    Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.... Read more

    Affected Products : downfile
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2815

    print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) ... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2810

    Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.... Read more

    Affected Products : urban
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2814

    Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292835 Results