Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-2270

    Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2266

    Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive i... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2095

    options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitra... Read more

    Affected Products : enterprise_linux squirrelmail
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-2255

    Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.... Read more

    Affected Products : phpauction
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2260

    The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerou... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2252

    PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.... Read more

    Affected Products : phpauction
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2254

    Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there... Read more

    Affected Products : phpauction
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2251

    PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.... Read more

    Affected Products : phpsecurepages
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2259

    The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote atta... Read more

    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2273

    Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing V... Read more

    Affected Products : opera_browser
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2272

    Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vuln... Read more

    Affected Products : safari
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2263

    The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes ... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2267

    Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to... Read more

    Affected Products : firefox
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2268

    Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog... Read more

    Affected Products : firefox mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2249

    Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability.... Read more

    Affected Products : jinzora
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2264

    Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.... Read more

    Affected Products : firefox
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2248

    Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.... Read more

    Affected Products : downloadprotect
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2262

    Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascrip... Read more

    Affected Products : firefox
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-2271

    iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."... Read more

    Affected Products : icab
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2261

    Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.... Read more

    Affected Products : firefox thunderbird mozilla
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293308 Results