Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-1736

    PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended.... Read more

    Affected Products : proms
    • EPSS Score: %0.39
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1700

    SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter.... Read more

    Affected Products : postnuke
    • EPSS Score: %0.27
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1743

    BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 and 7.0 through Service Pack 5 does not properly handle when a security provider throws an exception, which may cause WebLogic to use incorrect identity for the thread, or to fail to audi... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.54
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-1699

    Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.... Read more

    Affected Products : postnuke
    • EPSS Score: %0.33
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1742

    BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools."... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.41
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1749

    Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping).... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.83
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1746

    The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown)... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.86
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1740

    fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : net-snmp
    • EPSS Score: %2.54
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1708

    templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true.... Read more

    Affected Products : reporter
    • EPSS Score: %0.91
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1707

    The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.... Read more

    Affected Products : linux_webapp-config
    • EPSS Score: %0.23
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1713

    Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins.... Read more

    Affected Products : serendipity
    • EPSS Score: %0.35
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1716

    TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses.... Read more

    Affected Products : topo
    • EPSS Score: %0.42
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1733

    Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.... Read more

    Affected Products : cookie_cart
    • EPSS Score: %0.41
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1734

    Multiple SQL injection vulnerabilities in PROMS before 0.11 allow remote attackers to execute arbitrary SQL commands via unknown vectors.... Read more

    Affected Products : proms
    • EPSS Score: %0.49
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1738

    Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled ... Read more

    Affected Products : iron_bars_shell
    • EPSS Score: %0.89
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1709

    Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license.... Read more

    Affected Products : reporter
    • EPSS Score: %3.78
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1717

    ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows remote attackers to cause a denial of service (CPU consumption and network loss) via crafted fragmented IP packets.... Read more

    Affected Products : prestige_650r-31
    • EPSS Score: %0.92
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1735

    Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more

    Affected Products : proms
    • EPSS Score: %0.34
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1745

    The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.... Read more

    Affected Products : weblogic_server weblogic_portal
    • EPSS Score: %0.54
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1732

    Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi.... Read more

    Affected Products : cookie_cart
    • EPSS Score: %0.48
    • Published: May. 24, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292485 Results