Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2003-1280

    Directory traversal vulnerability in cgihtml 1.69 allows remote attackers to overwrite and create arbitrary files via a .. (dot dot) in multipart/form-data uploads.... Read more

    Affected Products : cgihtml
    • EPSS Score: %0.55
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1334

    Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : simple_and_nice_index_file
    • EPSS Score: %0.22
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1476

    Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access.... Read more

    Affected Products : ftp_server
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1250

    Efficient Networks 5861 DSL router, when running firmware 5.3.80 configured to block incoming TCP SYN, packets allows remote attackers to cause a denial of service (crash) via a flood of TCP SYN packets to the WAN interface using a port scanner such as nm... Read more

    Affected Products : 5861_dsl_router
    • EPSS Score: %1.27
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1525

    Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlier versions, has unknown impact and attack vectors.... Read more

    Affected Products : my_photo_gallery
    • EPSS Score: %0.33
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1402

    PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.... Read more

    Affected Products : kietu
    • EPSS Score: %0.68
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1403

    foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.... Read more

    Affected Products : botbr
    • EPSS Score: %0.60
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1558

    Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function.... Read more

    Affected Products : fnord
    • EPSS Score: %2.11
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1489

    upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.... Read more

    Affected Products : truegalerie
    • EPSS Score: %0.22
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1168

    HTTP Commander 4.0 allows remote attackers to obtain sensitive information via an HTTP request that contains a . (dot) in the file parameter, which reveals the installation path in an error message.... Read more

    Affected Products : http_commander
    • EPSS Score: %0.41
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1484

    Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) by creating a DHTML link that uses the AnchorClick "A" object with a blank href attribute.... Read more

    Affected Products : ie
    • EPSS Score: %27.62
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1457

    Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositron" user account with an easily guessable password, which allows local users or remote attackers to gain access.... Read more

    Affected Products : comsuite_cti_controlcenter
    • EPSS Score: %0.26
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1485

    Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."... Read more

    Affected Products : mailsweeper
    • EPSS Score: %0.16
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1438

    Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that w... Read more

    Affected Products : weblogic_server
    • EPSS Score: %0.25
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1301

    Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handle... Read more

    Affected Products : jre
    • EPSS Score: %1.17
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1314

    PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.... Read more

    Affected Products : eternalmart_guestbook
    • EPSS Score: %4.05
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1324

    Race condition in the can_open function in Elm ME+ 2.4, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group.... Read more

    Affected Products : elm_me\+
    • EPSS Score: %0.06
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2003-1107

    The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, 7.1, and 9 may run certain URL commands from a security zone that is less trusted than the current zone, which allows attackers to bypass intended access restrictions.... Read more

    Affected Products : windows_media_player
    • EPSS Score: %8.43
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1128

    XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.... Read more

    Affected Products : xmms_remote
    • EPSS Score: %3.36
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1126

    Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on Windows platforms allows remote attackers to cause a denial of service.... Read more

    Affected Products : one_web_server
    • EPSS Score: %1.50
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291384 Results