Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-1966

    The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.... Read more

    Affected Products : e107
    • Published: Jun. 10, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1942

    Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.... Read more

    Affected Products : catalyst
    • Published: Jun. 10, 2005
    • Modified: Apr. 03, 2025

  • 4.5

    MEDIUM
    CVE-2005-1876

    Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file.... Read more

    Affected Products : cutenews
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1894

    Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed b... Read more

    Affected Products : flatnuke
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1908

    Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL.... Read more

    Affected Products : liteweb
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1947

    Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions.... Read more

    Affected Products : gallery
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1909

    The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting ... Read more

    Affected Products : 602lan_suite
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1870

    PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter.... Read more

    Affected Products : popper
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1867

    Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database administrator password, which allows remote attackers to gain privileges.... Read more

    Affected Products : brightmail_antispam
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1864

    PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.... Read more

    Affected Products : calendarix_advanced
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1897

    Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors.... Read more

    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1871

    Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly."... Read more

    Affected Products : drupal
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1948

    Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo.... Read more

    Affected Products : invision_gallery
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1901

    Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page.... Read more

    Affected Products : sawmill
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1865

    Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.... Read more

    Affected Products : calendarix_advanced
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1883

    global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter.... Read more

    Affected Products : yapig
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1950

    hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.... Read more

    Affected Products : webhints
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1896

    Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter.... Read more

    Affected Products : flatnuke
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1900

    Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license.... Read more

    Affected Products : sawmill
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1868

    I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.... Read more

    Affected Products : i-man
    • Published: Jun. 09, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293350 Results