Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-2265

    Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a ... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2263

    The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes ... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2267

    Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to... Read more

    Affected Products : firefox
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2255

    Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.... Read more

    Affected Products : phpauction
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2258

    PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.... Read more

    Affected Products : squito_gallery
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2261

    Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.... Read more

    Affected Products : firefox thunderbird mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2266

    Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive i... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2270

    Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2223

    Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.... Read more

    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2237

    Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.... Read more

    Affected Products : aix
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2239

    oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters.... Read more

    Affected Products : oftpd
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2240

    xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.... Read more

    Affected Products : xpvm
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2215

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.... Read more

    Affected Products : mediawiki
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2247

    Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.... Read more

    Affected Products : moodle
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1859

    Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.... Read more

    Affected Products : propack
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0564

    Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.... Read more

    Affected Products : word
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2222

    Unknown vulnerability in the HTTPMail service in MailEnable Professional before 1.6 has unknown impact and attack vectors.... Read more

    Affected Products : mailenable_professional
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2242

    Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) ... Read more

    Affected Products : call_manager
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2217

    Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.... Read more

    Affected Products : dansie_shopping_cart
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2241

    Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote a... Read more

    Affected Products : call_manager
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292792 Results