Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-0677

    index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.... Read more

    Affected Products : zorum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0659

    phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.... Read more

    Affected Products : phpbb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0578

    Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0469

    Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.... Read more

    Affected Products : telnet
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0531

    The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0653

    phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0724

    paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) cate... Read more

    Affected Products : pafiledb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0760

    The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.... Read more

    Affected Products : imagemagick
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0766

    Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).... Read more

    Affected Products : enterprise_linux ethereal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0781

    SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.... Read more

    Affected Products : pafiledb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-0941

    The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbi... Read more

    Affected Products : openoffice
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0961

    Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.... Read more

    Affected Products : application_framework
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0977

    The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2005-1020

    Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login... Read more

    Affected Products : ios
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.7

    MEDIUM
    CVE-2005-1111

    Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.... Read more

    Affected Products : ubuntu_linux debian_linux cpio
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1120

    Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.... Read more

    Affected Products : ilohamail
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1127

    Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format... Read more

    Affected Products : postgrey
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1166

    The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1195

    Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers ... Read more

    Affected Products : mplayer xine-lib
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1202

    Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.... Read more

    Affected Products : egroupware
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293261 Results