Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2005-1619

    Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it... Read more

    Affected Products : phpmychat
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 6.8

    MEDIUM
    CVE-2005-1613

    Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.... Read more

    Affected Products : openbb
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1366

    Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.... Read more

    Affected Products : pico_server
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1592

    Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript.... Read more

    Affected Products : birdblog
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1621

    Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.... Read more

    Affected Products : postnuke
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1367

    Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root.... Read more

    Affected Products : pico_server
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 6.8

    MEDIUM
    CVE-2005-1614

    Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.... Read more

    Affected Products : ultimate_php_board
    • Published: May. 16, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1548

    SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.... Read more

    Affected Products : advanced_guestbook
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1563

    Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.... Read more

    Affected Products : bugzilla
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2005-1554

    SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.... Read more

    Affected Products : wowbb_web_forum
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-1587

    Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.... Read more

    Affected Products : quick.cart
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1570

    forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability.... Read more

    Affected Products : bttlxeforum
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1583

    1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.... Read more

    Affected Products : 1two_news
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1556

    Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.... Read more

    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1571

    Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.... Read more

    Affected Products : showoff_digital_media_software
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2005-1546

    Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.... Read more

    Affected Products : ht_editor
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.1

    MEDIUM
    CVE-2005-1545

    Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.... Read more

    Affected Products : ht_editor
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1586

    Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, ... Read more

    Affected Products : quick.forum
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2005-1549

    Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter.... Read more

    Affected Products : easy_message_board
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2005-1569

    Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.... Read more

    Affected Products : directtopics
    • Published: May. 14, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294837 Results