Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-2664

    Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.... Read more

    Affected Products : whisper32
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2648

    Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.... Read more

    Affected Products : w-agora
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2682

    aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable).... Read more

    Affected Products : areaedit
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-2650

    Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters.... Read more

    Affected Products : emefa_guestbook
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2643

    Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other system... Read more

    Affected Products : tor tor
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2637

    Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.... Read more

    Affected Products : phpfreenews
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2642

    Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.... Read more

    Affected Products : mutt
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2675

    Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter ... Read more

    Affected Products : land_down_under
    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2639

    Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.... Read more

    • Published: Aug. 23, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2621

    index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability.... Read more

    Affected Products : ecw-shop
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2508

    dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2510

    The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall polici... Read more

    Affected Products : mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2624

    Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.... Read more

    Affected Products : cpaint
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-2502

    Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2625

    Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.... Read more

    Affected Products : cpaint
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-2623

    ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost.... Read more

    Affected Products : ecw-shop
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-2504

    The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2627

    Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows.... Read more

    Affected Products : kismet
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-2503

    AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-2127

    Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use ... Read more

    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results