Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-1165

    Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data.... Read more

    Affected Products : yager_game
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0599

    Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0743

    The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.... Read more

    Affected Products : xoops
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1076

    Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.... Read more

    Affected Products : webct
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0463

    Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.... Read more

    Affected Products : ulog-php
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1190

    WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered.... Read more

    Affected Products : webcamxp_pro
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0770

    Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format s... Read more

    Affected Products : ida_pro
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1192

    Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.... Read more

    Affected Products : hp-ux
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-1229

    Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.... Read more

    Affected Products : cpio
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1154

    Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripti... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1155

    The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1058

    Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH ... Read more

    Affected Products : ios
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-1008

    Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag.... Read more

    Affected Products : xm_forum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0873

    Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.... Read more

    Affected Products : 10g_reports_server
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0904

    Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.... Read more

    Affected Products : windows_xp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0837

    IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).... Read more

    Affected Products : icecast
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0005

    Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0927

    Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.... Read more

    Affected Products : webapp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0994

    Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp.... Read more

    Affected Products : productcart
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-1031

    RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.... Read more

    Affected Products : runcms e-xoops
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294837 Results