Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2005-3899

    The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory duri... Read more

    Affected Products : talk
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-3892

    Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.... Read more

    Affected Products : gadu-gadu_instant_messenger
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2123

    Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images ... Read more

    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3893

    Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login ... Read more

    Affected Products : otrs
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2005-3897

    Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.... Read more

    Affected Products : safari
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-3886

    Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software.... Read more

    Affected Products : security_agent
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-3885

    The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before 0.41 allows local users to overwrite arbitrary files via a symlink attack on the tmpepsifile.epsi temporary file.... Read more

    Affected Products : inkscape
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3870

    Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.... Read more

    Affected Products : edmobbs
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3874

    SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.... Read more

    Affected Products : netzbrett
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3879

    Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and... Read more

    Affected Products : resource_repository_script
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3876

    Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters.... Read more

    Affected Products : adc2000_ng_pro adc2000_ng_pro_lite
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3881

    SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.... Read more

    Affected Products : altantis_knowledge_base_software
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3884

    Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.... Read more

    Affected Products : zainu
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3872

    Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.... Read more

    Affected Products : ugroup
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-3869

    Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.... Read more

    Affected Products : api_search
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3868

    Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add reques... Read more

    Affected Products : k-search
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3863

    Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VG... Read more

    Affected Products : ktools
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3873

    SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.... Read more

    Affected Products : shockboard
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3877

    Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.... Read more

    Affected Products : simple_document_management_system
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-3871

    Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) f... Read more

    Affected Products : jbb
    • Published: Nov. 29, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294740 Results