Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1182

    Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.... Read more

    Affected Products : os_400
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2005-1201

    Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php ... Read more

    Affected Products : az_bulletin_board
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0998

    The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.... Read more

    Affected Products : php-nuke
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1318

    Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.... Read more

    Affected Products : forwards
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1360

    PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.... Read more

    Affected Products : graycms
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1351

    The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.... Read more

    Affected Products : ad.cgi
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1350

    The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.... Read more

    Affected Products : ad.cgi
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1093

    Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.... Read more

    Affected Products : popup_plus_plugin_for_miranda_im
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1052

    Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.... Read more

    Affected Products : outlook outlook_web_access
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1001

    PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.... Read more

    Affected Products : php-nuke
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1352

    Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.... Read more

    Affected Products : ad.cgi
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0855

    CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) ... Read more

    Affected Products : coolforum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0859

    PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however,... Read more

    Affected Products : czarnews
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1239

    Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.... Read more

    Affected Products : security\+\+\+
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1220

    Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.... Read more

    Affected Products : shoutbox_script
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1169

    Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.... Read more

    Affected Products : mafia_blog
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0464

    gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a ... Read more

    Affected Products : irix
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0278

    The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.... Read more

    Affected Products : 3cdaemon
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0331

    Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.... Read more

    Affected Products : winrar
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0338

    Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.... Read more

    Affected Products : savant_webserver
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294744 Results