Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2005-0933

    Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter.... Read more

    Affected Products : phpcoin
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0730

    PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt.... Read more

    Affected Products : active_webcam
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0659

    phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.... Read more

    Affected Products : phpbb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0677

    index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.... Read more

    Affected Products : zorum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0570

    profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL.... Read more

    Affected Products : punbb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0578

    Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0232

    Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen... Read more

    Affected Products : firefox
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0057

    The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0299

    Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php.... Read more

    Affected Products : gforge
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0009

    Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).... Read more

    Affected Products : ethereal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0396

    Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0784

    Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.... Read more

    Affected Products : phorum
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0588

    Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.... Read more

    Affected Products : firefox mozilla
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0646

    SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.... Read more

    Affected Products : panews
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0615

    Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.... Read more

    Affected Products : postnuke
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-1100

    Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.... Read more

    Affected Products : gld
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0739

    The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled ... Read more

    Affected Products : enterprise_linux ethereal
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0952

    Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.... Read more

    Affected Products : pafiledb
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 7.1

    HIGH
    CVE-2005-1021

    Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.... Read more

    Affected Products : ios
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-1049

    Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could... Read more

    Affected Products : postnuke
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results