Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-0048

    Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation... Read more

    Affected Products : windows_2000 windows_xp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0008

    Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."... Read more

    Affected Products : ethereal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0459

    phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1203

    Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.... Read more

    Affected Products : egroupware
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1172

    Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.... Read more

    Affected Products : coppermine_photo_gallery
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1157

    Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the G... Read more

    Affected Products : firefox mozilla navigator
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1121

    Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.... Read more

    Affected Products : linux oops_proxy_server
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1108

    The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.... Read more

    Affected Products : internet_junkbuster
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1038

    crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0... Read more

    Affected Products : enterprise_linux vixie_cron
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0992

    Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-0815

    Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.... Read more

    Affected Products : linux_kernel
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0782

    Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.... Read more

    Affected Products : pafiledb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-0611

    Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.... Read more

    Affected Products : realplayer realone_player helix_player
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2005-0602

    Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.... Read more

    Affected Products : unzip
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0544

    phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.i... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0525

    The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes... Read more

    Affected Products : php
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0446

    Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.... Read more

    Affected Products : squid
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0438

    awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.... Read more

    Affected Products : awstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0397

    Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename a... Read more

    Affected Products : imagemagick
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0363

    awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.... Read more

    Affected Products : awstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293261 Results