Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.6

    MEDIUM
    CVE-2005-0627

    Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs.... Read more

    Affected Products : qt
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0595

    Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.... Read more

    Affected Products : badblue
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0591

    Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."... Read more

    Affected Products : firefox
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2005-0577

    Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files.... Read more

    Affected Products : mkbold-mkitalic
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0574

    Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.... Read more

    Affected Products : cis_webserver
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0311

    Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.... Read more

    Affected Products : ingate_firewall
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0301

    comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.... Read more

    Affected Products : comersus_backoffice_lite
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0289

    Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.... Read more

    Affected Products : airport_express airport_extreme
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0282

    SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.... Read more

    Affected Products : mybulletinboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0285

    Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.... Read more

    Affected Products : webseries_payment_application
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0277

    Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long ... Read more

    Affected Products : 3cdaemon
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 9.8

    CRITICAL
    CVE-2005-0269

    The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.... Read more

    Affected Products : gnuboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0270

    Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report pa... Read more

    Affected Products : reviewpost_php_pro
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0264

    Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.... Read more

    Affected Products : owl_intranet_engine
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0260

    Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.... Read more

    Affected Products : brightstor_arcserve_backup
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0256

    The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.... Read more

    Affected Products : wu-ftpd
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2005-0247

    Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variable... Read more

    Affected Products : postgresql
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2005-0240

    Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.... Read more

    Affected Products : aix
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0246

    The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.... Read more

    Affected Products : postgresql
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0236

    The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, whi... Read more

    Affected Products : omniweb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294202 Results