Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 5.0

    MEDIUM
    CVE-2005-0655

    auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.... Read more

    Affected Products : auracms
    • EPSS Score: %0.46
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-0541

    consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter.... Read more

    Affected Products : alterpath_manager
    • EPSS Score: %0.74
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-0568

    Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.... Read more

    Affected Products : soldier_of_fortune_2
    • EPSS Score: %5.49
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1221

    SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field.... Read more

    Affected Products : ecommpro
    • EPSS Score: %0.58
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1329

    owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter.... Read more

    Affected Products : oneworldstore
    • EPSS Score: %17.86
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 4.6

    MEDIUM
    CVE-2005-0542

    saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true.... Read more

    Affected Products : alterpath_manager
    • EPSS Score: %0.07
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1364

    Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.... Read more

    Affected Products : metabid_auctions
    • EPSS Score: %1.04
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-1075

    Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.... Read more

    Affected Products : radbids
    • EPSS Score: %0.88
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 6.4

    MEDIUM
    CVE-2005-1086

    Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.... Read more

    Affected Products : an-httpd
    • EPSS Score: %7.16
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-1104

    Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields.... Read more

    Affected Products : centra
    • EPSS Score: %0.30
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 2.6

    LOW
    CVE-2005-0492

    Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.... Read more

    Affected Products : acrobat_reader
    • EPSS Score: %1.79
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1164

    Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.... Read more

    Affected Products : yager_game
    • EPSS Score: %8.72
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-0332

    Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or... Read more

    • EPSS Score: %1.63
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1184

    The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" pa... Read more

    • EPSS Score: %44.26
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-0344

    Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.... Read more

    Affected Products : 602lan_suite
    • EPSS Score: %5.11
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-0338

    Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.... Read more

    Affected Products : savant_webserver
    • EPSS Score: %10.48
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-0825

    Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file.... Read more

    Affected Products : ltris
    • EPSS Score: %1.20
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-0853

    betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was l... Read more

    Affected Products : betaparticle_blog
    • EPSS Score: %13.24
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1198

    Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.... Read more

    Affected Products : foundation_directory
    • EPSS Score: %0.21
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-0573

    Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.... Read more

    Affected Products : gaim
    • EPSS Score: %0.66
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291750 Results