Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-2243

    Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumpt... Read more

    Affected Products : call_manager
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2221

    Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parame... Read more

    Affected Products : dragonfly_commerce
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2233

    Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or ... Read more

    Affected Products : aix
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2219

    Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.... Read more

    Affected Products : hosting_controller
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2234

    Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.... Read more

    Affected Products : aix
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2235

    Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.... Read more

    Affected Products : aix
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2228

    Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.... Read more

    Affected Products : web_wiz_forums
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2227

    Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges.... Read more

    Affected Products : wmailserver
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2229

    Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password... Read more

    Affected Products : blog_torrent
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2236

    Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.... Read more

    Affected Products : aix
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2226

    Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information.... Read more

    Affected Products : outlook_express
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2245

    Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.... Read more

    Affected Products : tmos
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2239

    oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null (\0) characters.... Read more

    Affected Products : oftpd
    • Published: Jul. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2208

    PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.... Read more

    Affected Products : privashare
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2202

    Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2197

    SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.... Read more

    Affected Products : id_board
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2184

    eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.... Read more

    Affected Products : eroom
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2179

    PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter.... Read more

    Affected Products : jaws
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2187

    McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in r... Read more

    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2183

    class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access.... Read more

    Affected Products : phpxmail
    • Published: Jul. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292802 Results