Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2005-2814

    Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2810

    Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.... Read more

    Affected Products : urban
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2815

    print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) ... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2807

    frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.... Read more

    Affected Products : frox
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2813

    Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.... Read more

    Affected Products : flatnuke
    • Published: Sep. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2494

    kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files.... Read more

    Affected Products : enterprise_linux kde
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2656

    Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities.... Read more

    Affected Products : polygen
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2700

    ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended a... Read more

    Affected Products : ubuntu_linux debian_linux http_server
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2763

    Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.... Read more

    Affected Products : openttd
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2806

    client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field na... Read more

    Affected Products : bnbt
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2805

    forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.... Read more

    Affected Products : e107
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2803

    Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.... Read more

    Affected Products : hiki
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2336

    Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.... Read more

    Affected Products : hiki
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2797

    OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.... Read more

    Affected Products : openssh
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2801

    xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied.... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2798

    sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.... Read more

    Affected Products : openssh
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-2800

    Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2788

    Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.... Read more

    Affected Products : land_down_under
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2791

    BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command.... Read more

    Affected Products : bfcc bfvcc
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2777

    Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.... Read more

    Affected Products : looking_glass
    • Published: Sep. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293352 Results