Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2005-0512

    PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulner... Read more

    Affected Products : mambo
    • Published: Feb. 21, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0503

    uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.... Read more

    Affected Products : mandrake_linux uim
    • Published: Feb. 21, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0467

    Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that cor... Read more

    Affected Products : putty
    • Published: Feb. 21, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0499

    Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries.... Read more

    Affected Products : gigafast_router
    • Published: Feb. 20, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0513

    PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autoc... Read more

    Affected Products : pmachine_pro
    • Published: Feb. 19, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0495

    Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php.... Read more

    Affected Products : zeroboard
    • Published: Feb. 19, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0092

    Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).... Read more

    • Published: Feb. 19, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0502

    Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.... Read more

    Affected Products : xinkaa_web_station
    • Published: Feb. 18, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0519

    ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability tha... Read more

    Affected Products : ftp_server
    • Published: Feb. 18, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0242

    The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions... Read more

    Affected Products : messenger
    • Published: Feb. 18, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0243

    Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing ... Read more

    Affected Products : messenger
    • Published: Feb. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0462

    Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.... Read more

    Affected Products : mercuryboard
    • Published: Feb. 17, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0105

    Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.... Read more

    Affected Products : typespeed
    • Published: Feb. 16, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0452

    Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII ... Read more

    Affected Products : windows_server_2003 asp.net
    • Published: Feb. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0453

    The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.... Read more

    Affected Products : lighttpd
    • Published: Feb. 16, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0176

    The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.... Read more

    Affected Products : linux_kernel
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0433

    Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.... Read more

    Affected Products : php-nuke
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0447

    Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.... Read more

    Affected Products : solaris sunos
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0434

    Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks oper... Read more

    Affected Products : php-nuke
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0149

    Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail message... Read more

    Affected Products : thunderbird mozilla
    • Published: Feb. 15, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293357 Results