Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-4846

    Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.... Read more

    Affected Products : spey
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2005-4855

    Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certai... Read more

    Affected Products : ez_publish
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4683

    PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) mi... Read more

    Affected Products : migrationtools
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4719

    Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid p... Read more

    Affected Products : systems_panel
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4729

    SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.... Read more

    Affected Products : vbzoom
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-4600

    Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.... Read more

    Affected Products : tinymce_compressor_php
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4674

    Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter.... Read more

    Affected Products : complete_php_counter
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4829

    VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested page, which has unknown impact and remote attack vectors.... Read more

    Affected Products : virtuemart
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2464

    login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid.... Read more

    Affected Products : pcxp_toppe_cms
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4614

    Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters.... Read more

    Affected Products : digishop
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4749

    HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4809

    Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.... Read more

    Affected Products : firefox thunderbird mozilla
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4637

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields... Read more

    Affected Products : supportsuite
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4686

    PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.... Read more

    Affected Products : punbb
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4706

    Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.... Read more

    Affected Products : solaris
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-2465

    Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.... Read more

    Affected Products : pc-experience toppe_cms
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4854

    eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.... Read more

    Affected Products : ez_publish
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4741

    NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.... Read more

    Affected Products : netbsd
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3659

    nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denia... Read more

    Affected Products : legato_networker
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4813

    Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service ... Read more

    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294799 Results