Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2005-1513

    Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.... Read more

    Affected Products : ubuntu_linux debian_linux qmail
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1515

    Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large num... Read more

    Affected Products : qmail
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1500

    Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4... Read more

    Affected Products : mybloggie
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1502

    Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php... Read more

    Affected Products : midicart_php_shopping_cart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1518

    Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.... Read more

    Affected Products : solaris sunos
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1559

    The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.... Read more

    Affected Products : nexusway
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1558

    The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie.... Read more

    Affected Products : nexusway
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1517

    Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).... Read more

    Affected Products : firewall_services_module
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1588

    SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and ther... Read more

    Affected Products : quick.cart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 1.9

    LOW
    CVE-2005-1488

    Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.ht... Read more

    Affected Products : web_mail mail_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1585

    Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.... Read more

    Affected Products : quick.forum
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1496

    The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.... Read more

    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1508

    Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) i... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1557

    Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.... Read more

    Affected Products : guestbook_pro
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1516

    DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.... Read more

    Affected Products : dmail
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1493

    Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.... Read more

    Affected Products : simplecam
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1494

    Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.... Read more

    Affected Products : megabook
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1510

    PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1486

    Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendo... Read more

    Affected Products : fishcart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1504

    GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.... Read more

    Affected Products : cd-key_validation_system
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293179 Results