Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-1424

    StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.... Read more

    Affected Products : gotext
    • EPSS Score: %0.17
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1429

    SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter.... Read more

    Affected Products : wwwguestbook
    • EPSS Score: %0.49
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1393

    Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.... Read more

    Affected Products : arcinfo_workstation
    • EPSS Score: %0.09
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1404

    MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.... Read more

    Affected Products : myphp_forum
    • EPSS Score: %0.98
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1402

    Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in ... Read more

    Affected Products : mtp-target
    • EPSS Score: %5.90
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1414

    ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges.... Read more

    Affected Products : filepocket
    • EPSS Score: %0.15
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1421

    Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.... Read more

    Affected Products : video_cam_server
    • EPSS Score: %0.25
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1401

    Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text.... Read more

    Affected Products : mtp-target
    • EPSS Score: %12.89
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1380

    Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %1.28
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1379

    The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.... Read more

    Affected Products : mandrake_lam-runtime
    • EPSS Score: %0.06
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1375

    Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) mo... Read more

    Affected Products : claroline
    • EPSS Score: %1.32
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1374

    Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php... Read more

    Affected Products : claroline
    • EPSS Score: %2.57
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1373

    Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.... Read more

    Affected Products : koobi_cms
    • EPSS Score: %1.04
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1435

    Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.... Read more

    Affected Products : open_webmail
    • EPSS Score: %1.32
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1436

    Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4)... Read more

    Affected Products : osticket
    • EPSS Score: %2.08
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1439

    Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.... Read more

    Affected Products : osticket
    • EPSS Score: %0.48
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1438

    PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.... Read more

    Affected Products : osticket
    • EPSS Score: %0.72
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1443

    Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.... Read more

    Affected Products : invision_power_board
    • EPSS Score: %1.04
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1448

    Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : serendipity
    • EPSS Score: %1.01
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1417

    Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments t... Read more

    Affected Products : maxwebportal
    • EPSS Score: %0.45
    • Published: May. 03, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292095 Results