Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2005-1636

    mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.... Read more

    Affected Products : mysql mysql
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1641

    mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service.... Read more

    Affected Products : ignitionserver
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1634

    Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.p... Read more

    Affected Products : jgs-portal
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1629

    SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.... Read more

    Affected Products : photopost_php_pro
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1628

    apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.... Read more

    Affected Products : webapp
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1631

    booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs.... Read more

    Affected Products : booby
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1639

    SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields.... Read more

    Affected Products : sigma_isp_manager
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1627

    Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.... Read more

    Affected Products : viewglob
    • Published: May. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1599

    Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.... Read more

    Affected Products : subject_search_server
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1605

    Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integra... Read more

    Affected Products : sitestudio
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1367

    Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.... Read more

    Affected Products : pico_server
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1602

    SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.... Read more

    Affected Products : file_manager
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1610

    Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.... Read more

    Affected Products : nukeet
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1590

    The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, dis... Read more

    Affected Products : deployment_solution client_service
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1598

    SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.... Read more

    Affected Products : invision_power_board invision_board
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1616

    viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.... Read more

    Affected Products : ultimate_php_board
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1614

    Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.... Read more

    Affected Products : ultimate_php_board
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1193

    The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:,... Read more

    Affected Products : phpbb
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1604

    PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.... Read more

    Affected Products : php_advanced_transfer_manager
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1608

    Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact.... Read more

    Affected Products : at-lite autotheme
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293436 Results