Latest CVE Feed
- CVE-2005-1484 (5.0 MEDIUM)
  Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.
  - Affected Products: golden_ftp_server
  - EPSS Score: 0.24%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1482 (7.5 HIGH)
  ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
  - Affected Products: articlelive
  - EPSS Score: 1.53%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1478 (7.5 HIGH)
  Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
  - Affected Products: dmail
  - EPSS Score: 6.20%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1519 (6.4 MEDIUM)
  Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
  - Affected Products: squid
  - EPSS Score: 24.58%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1496 (4.6 MEDIUM)
  The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
  - EPSS Score: 5.21%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1588 (7.5 HIGH)
  SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and ther...
  - Affected Products: quick.cart
  - EPSS Score: 0.45%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1558 (7.5 HIGH)
  The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie.
  - Affected Products: nexusway
  - EPSS Score: 0.59%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1488 (1.9 LOW)
  Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.ht...
  - EPSS Score: 0.05%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1517 (7.5 HIGH)
  Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).
  - Affected Products: firewall_services_module
  - EPSS Score: 0.39%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1493 (5.0 MEDIUM)
  Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.
  - Affected Products: simplecam
  - EPSS Score: 6.02%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1560 (10.0 HIGH)
  The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute.
  - Affected Products: nexusway
  - EPSS Score: 2.42%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1509 (7.5 HIGH)
  SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
  - Affected Products: pwsphp
  - EPSS Score: 0.62%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1506 (7.5 HIGH)
  SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.
  - Affected Products: ultra_plus
  - EPSS Score: 0.33%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1483 (4.3 MEDIUM)
  Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
  - Affected Products: articlelive
  - EPSS Score: 0.67%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1557 (4.3 MEDIUM)
  Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
  - Affected Products: guestbook_pro
  - EPSS Score: 0.68%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1501 (7.5 HIGH)
  MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
  - Affected Products: midicart_php_shopping_cart
  - EPSS Score: 0.74%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1512 (7.5 HIGH)
  The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.
  - Affected Products: pwsphp
  - EPSS Score: 0.74%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1485 (5.0 MEDIUM)
  Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.
  - Affected Products: golden_ftp_server
  - EPSS Score: 0.39%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1497 (5.0 MEDIUM)
  index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.
  - Affected Products: mybloggie
  - EPSS Score: 0.39%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025
- CVE-2005-1513 (9.8 CRITICAL)
  Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
  - EPSS Score: 17.48%
  - Published: May. 11, 2005
  - Modified: Apr. 03, 2025