Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1486

    Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendo... Read more

    Affected Products : fishcart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1510

    PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1516

    DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.... Read more

    Affected Products : dmail
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1499

    delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.... Read more

    Affected Products : mybloggie
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1484

    Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.... Read more

    Affected Products : golden_ftp_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1559

    The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.... Read more

    Affected Products : nexusway
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1500

    Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4... Read more

    Affected Products : mybloggie
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1518

    Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.... Read more

    Affected Products : solaris sunos
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1502

    Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php... Read more

    Affected Products : midicart_php_shopping_cart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-1263

    The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables funct... Read more

    Affected Products : linux_kernel
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1503

    Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) c... Read more

    Affected Products : midicart_php_shopping_cart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1560

    The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute.... Read more

    Affected Products : nexusway
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1562

    Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp,... Read more

    Affected Products : maxwebportal
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1501

    MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.... Read more

    Affected Products : midicart_php_shopping_cart
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1485

    Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.... Read more

    Affected Products : golden_ftp_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1479

    SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : jgs-portal
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-1490

    Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.... Read more

    Affected Products : web_mail mail_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1497

    index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.... Read more

    Affected Products : mybloggie
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1509

    SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1482

    ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.... Read more

    Affected Products : articlelive
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294690 Results