Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-4201

    Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.... Read more

    Affected Products : my_album_online
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2005-4189

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title field when deleting eve... Read more

    Affected Products : kronolith_h3
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2005-4192

    Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad's name or (2) description, when ... Read more

    Affected Products : mnemo_note_manager_h3
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4202

    Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource... Read more

    Affected Products : logisphere
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4210

    Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title.... Read more

    Affected Products : opera_browser
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4199

    Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcode... Read more

    Affected Products : mybb
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2005-4190

    Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) L... Read more

    Affected Products : horde_application_framework
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4197

    tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet.... Read more

    Affected Products : ssl_vpn
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 6.1

    MEDIUM
    CVE-2005-4206

    Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loa... Read more

    Affected Products : academic_suite
    • Published: Dec. 13, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-4178

    Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.... Read more

    Affected Products : debian_linux dropbear_ssh
    • Published: Dec. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4177

    Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter.... Read more

    • Published: Dec. 12, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4175

    Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.... Read more

    Affected Products : insyde_bios
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4165

    Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in searc... Read more

    Affected Products : asp_resources_forum
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4174

    eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or t... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4167

    Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-4166

    Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.... Read more

    Affected Products : duportal_pro
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-4176

    AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.... Read more

    Affected Products : award_bios_modular
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-4171

    The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4173

    eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-4172

    eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.... Read more

    Affected Products : efiction
    • Published: Dec. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294733 Results