Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2005-0736

    Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.... Read more

    • Published: Mar. 09, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0745

    UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local users to bypass ATA access restrictions by dialing "*#26845#" and causing a device reset.... Read more

    Affected Products : ian-02ex_voip_ata
    • Published: Mar. 09, 2005
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2005-0626

    Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.... Read more

    Affected Products : squid
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0723

    Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable,... Read more

    Affected Products : pafiledb
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0741

    Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action.... Read more

    Affected Products : yabb
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0696

    Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.... Read more

    Affected Products : ftp_server
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0685

    Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the... Read more

    Affected Products : participate_enterprise
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0699

    Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.... Read more

    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2005-0098

    Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line.... Read more

    Affected Products : abuse-sdl
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0747

    ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp.... Read more

    Affected Products : i-class
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0720

    PHP remote file inclusion vulnerability in admin/header.php in PHP mcNews 1.3 allows remote attackers to execute arbitrary PHP code by modifying the skinfile parameter to reference a URL on a remote web server that contains the code.... Read more

    Affected Products : mcnews
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0725

    SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.... Read more

    Affected Products : wf-sections
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2005-0099

    The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.... Read more

    Affected Products : abuse-sdl
    • Published: Mar. 08, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0686

    Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.... Read more

    Affected Products : mlterm
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2005-0702

    SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.... Read more

    Affected Products : phpmyfaq
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2005-0180

    Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the... Read more

    Affected Products : linux_kernel
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2005-0178

    Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.... Read more

    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0697

    SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.... Read more

    Affected Products : copperexport
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2005-0548

    Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.... Read more

    Affected Products : solaris solaris_answerbook2
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2005-0680

    PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the c... Read more

    Affected Products : download_center_lite
    • Published: Mar. 07, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 294733 Results