Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 1.2

    LOW
    CVE-2005-1066

    Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.... Read more

    Affected Products : enterprise_linux pine
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0375

    imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function.... Read more

    Affected Products : sgallery
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1074

    SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.... Read more

    Affected Products : radbids
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1358

    text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.... Read more

    Affected Products : text.cgi
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1048

    SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750.... Read more

    Affected Products : postnuke
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0251

    Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.... Read more

    Affected Products : biborb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0263

    Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.... Read more

    Affected Products : aix
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0859

    PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however,... Read more

    Affected Products : czarnews
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0868

    AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organiz... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1239

    Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.... Read more

    Affected Products : security\+\+\+
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0885

    Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields.... Read more

    Affected Products : xmb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0439

    Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.... Read more

    Affected Products : elog_web_logbook
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0992

    Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.... Read more

    Affected Products : phpmyadmin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0704

    Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.... Read more

    Affected Products : enterprise_linux ethereal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0734

    PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests.... Read more

    Affected Products : active_webcam
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0735

    newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.... Read more

    Affected Products : newsscript
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0738

    Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to h... Read more

    Affected Products : exchange_server windows_server_2003
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0438

    awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.... Read more

    Affected Products : awstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0658

    SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.... Read more

    Affected Products : cmw_linklist
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0446

    Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.... Read more

    Affected Products : squid
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 293975 Results