Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2003-0559

    mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.... Read more

    Affected Products : phpforum
    • EPSS Score: %0.75
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 6.2

    MEDIUM
    CVE-2003-0524

    Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary files via a symlink attack on the qt_plugins_3.0rc temporary file in the .qt directory.... Read more

    Affected Products : knoppix
    • EPSS Score: %0.06
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0555

    ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a "%x" filename, possibly triggering a format string vulnerability.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.95
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0553

    Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) for Netscape 7.02 allows remote attackers to execute arbitrary code via an attachment with a long filename.... Read more

    Affected Products : navigator
    • EPSS Score: %3.28
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-0526

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in... Read more

    Affected Products : isa_server
    • EPSS Score: %52.16
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0577

    mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.... Read more

    Affected Products : mpg123
    • EPSS Score: %5.24
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2003-0192

    Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could ... Read more

    Affected Products : http_server
    • EPSS Score: %20.66
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0588

    admin.php in Digi-news 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.... Read more

    Affected Products : digi-news
    • EPSS Score: %2.56
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0554

    NeoModus Direct Connect 1.0 build 9, and possibly other versions, allows remote attackers to cause a denial of service (connection and possibly memory exhaustion) via a flood of ConnectToMe requests containing arbitrary IP addresses and ports.... Read more

    Affected Products : direct_connect
    • EPSS Score: %0.66
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1263

    Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as s... Read more

    Affected Products : metamail
    • EPSS Score: %0.32
    • Published: Aug. 15, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1088

    Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.... Read more

    Affected Products : zorum
    • EPSS Score: %0.53
    • Published: Aug. 11, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0449

    Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or... Read more

    Affected Products : database
    • EPSS Score: %0.04
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0493

    Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.... Read more

    Affected Products : snitz_forums_2000
    • EPSS Score: %0.46
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0490

    The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs wi... Read more

    Affected Products : retrospect_client
    • EPSS Score: %0.04
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0485

    Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.... Read more

    Affected Products : 4gl_compiler
    • EPSS Score: %0.35
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0503

    Buffer overflow in the ShellExecute API function of SHELL32.DLL in Windows 2000 before SP4 may allow attackers to cause a denial of service or execute arbitrary code via a long third argument.... Read more

    Affected Products : windows_2000
    • EPSS Score: %10.58
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0497

    Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.... Read more

    Affected Products : cache_database
    • EPSS Score: %0.11
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-0484

    Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB allows remote attackers to insert arbitrary web script via the topic_id parameter.... Read more

    Affected Products : phpbb
    • EPSS Score: %0.87
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0498

    Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.... Read more

    Affected Products : cache_database
    • EPSS Score: %0.14
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0472

    The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a denial of service (hang) in inetd via port scanning.... Read more

    Affected Products : irix
    • EPSS Score: %0.93
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 291358 Results