Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-4536

    Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.... Read more

    Affected Products : libmail-audit-perl
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4792

    SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details ar... Read more

    Affected Products : phpwebsite
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4591

    Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invali... Read more

    Affected Products : email_filter
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-4658

    Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.... Read more

    Affected Products : aspknowledgebase
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0036

    The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.... Read more

    Affected Products : delegate delegate
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1753

    ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun st... Read more

    Affected Products : javamail
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0038

    The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.... Read more

    Affected Products : powerdns recursor
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4754

    BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0985

    Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver.... Read more

    Affected Products : mac_os_x
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-1755

    PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.... Read more

    Affected Products : php_poll_creator
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-1752

    viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.... Read more

    Affected Products : gforge
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4615

    SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.... Read more

    Affected Products : dapperdesk
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4608

    SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.... Read more

    Affected Products : bugport
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3540

    Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.... Read more

    Affected Products : petris
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1754

    JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes refere... Read more

    Affected Products : javamail apache_tomcat
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4624

    The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #... Read more

    Affected Products : ptnet_ircd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4712

    CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was... Read more

    Affected Products : php_handicapper
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4703

    Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp usin... Read more

    Affected Products : tomcat
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4631

    SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter.... Read more

    Affected Products : zina
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-4639

    Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes int... Read more

    Affected Products : linux_kernel
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294836 Results