Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1579

    Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the informat... Read more

    Affected Products : quicktime
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0972

    Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0971

    Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.... Read more

    Affected Products : mac_os_x
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0974

    Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.... Read more

    Affected Products : mac_os_x
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0969

    Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.... Read more

    Affected Products : mac_os_x
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1568

    topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.... Read more

    Affected Products : directtopics
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1564

    post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.... Read more

    Affected Products : bugzilla
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1532

    Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant... Read more

    Affected Products : firefox mozilla
    • Published: May. 12, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1572

    ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.... Read more

    Affected Products : showoff_digital_media_software
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1505

    The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintex... Read more

    Affected Products : mail
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1573

    SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.... Read more

    Affected Products : asp_virtual_news_manager
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1511

    PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie.... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1512

    The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1489

    Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.... Read more

    Affected Products : web_mail mail_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1504

    GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.... Read more

    Affected Products : cd-key_validation_system
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1262

    Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.... Read more

    Affected Products : enterprise_linux gaim
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1510

    PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1491

    Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html.... Read more

    Affected Products : web_mail mail_server
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2005-1508

    Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) i... Read more

    Affected Products : pwsphp
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1557

    Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.... Read more

    Affected Products : guestbook_pro
    • Published: May. 11, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294717 Results