Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1357

    text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.... Read more

    Affected Products : text.cgi
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1346

    Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743,... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0435

    awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.... Read more

    Affected Products : awstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0255

    String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to ca... Read more

    Affected Products : firefox thunderbird mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1200

    PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web ... Read more

    Affected Products : az_bulletin_board
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2005-0253

    Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter.... Read more

    Affected Products : biborb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0293

    Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter.... Read more

    Affected Products : minis
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1349

    Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.... Read more

    Affected Products : convert_uulib
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0379

    Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php.... Read more

    Affected Products : zeroboard
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0353

    Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.... Read more

    Affected Products : sentinel_license_manager
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0265

    Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.... Read more

    Affected Products : owl_intranet_engine
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1222

    cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.... Read more

    Affected Products : netref
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0304

    Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin.... Read more

    Affected Products : divx_player
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0273

    Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.... Read more

    Affected Products : photopost_php_pro
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1173

    Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request.... Read more

    Affected Products : simple_web_server
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0387

    remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.... Read more

    Affected Products : remstats
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1184

    The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" pa... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2005-1162

    Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5)... Read more

    Affected Products : oneworldstore
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1137

    Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.... Read more

    Affected Products : simple_php_blog
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0454

    Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.... Read more

    Affected Products : dcp-portal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294516 Results