Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.1

    LOW
    CVE-2003-1265

    Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the trash folder when users select the 'Empty Trash' option, which could allow local users to access deleted messages.... Read more

    Affected Products : mozilla navigator
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1389

    RTS CryptoBuddy 1.2 and earlier truncates long passphrases without warning the user, which may make it easier to conduct certain brute force guessing attacks.... Read more

    Affected Products : cryptobuddy
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1390

    RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byte passphrase in plaintext, which makes it easier for local users to guess the passphrase.... Read more

    Affected Products : cryptobuddy
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1472

    Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long banner.... Read more

    Affected Products : all_windows 3d-ftp
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2003-1388

    Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1252

    register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be call... Read more

    Affected Products : s8forum
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1154

    MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus protection via a mail message with a malformed zip attachment, as exploited by certain MIMAIL virus variants.... Read more

    Affected Products : mailsweeper
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1085

    The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ST42.03.0a allows remote attackers to cause a denial of service (unstable service) via a long GET request, possibly caused by a buffer overflow.... Read more

    Affected Products : tcm_cable_modem tcw_cable_modem
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1123

    Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.... Read more

    Affected Products : jre jdk
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1361

    Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli Storage Manager (TSM) 3.1.0 through 3.2.1 allows remote attackers to gain root privileges on the BMR Main Server.... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1496

    Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1B allows local users to gain privileges via unknown attack vectors. NOTE: due to lack of details in the vendor advisory, it is not clear whether this is the same issue as CVE-1999-0840.... Read more

    Affected Products : tru64
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1128

    XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between 4 AM 11 AM PST on May 7, 2003, allows remote attackers to execute arbitrary commands via shell metacharacters in a request to TCP port 8086.... Read more

    Affected Products : xmms_remote
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1555

    ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive information via an invalid PG parameter in view.php, which reveals the installation path in an error message.... Read more

    Affected Products : scozbook
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1456

    Album.pl 6.1 allows remote attackers to execute arbitrary commands, when an alternative configuration file is used, via unknown attack vectors.... Read more

    Affected Products : linux_kernel all_windows album.pl unix
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1225

    The default CredentialMapper for BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores passwords in cleartext on disk, which allows local users to extract passwords.... Read more

    Affected Products : weblogic_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.3

    MEDIUM
    CVE-2003-1497

    Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 allows remote attackers to cause a denial of service via an HTTP request with a long Log_Page_Num variable.... Read more

    Affected Products : befsx41
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1121

    Services in ScriptLogic 4.01, and possibly other versions before 4.14, process client requests at raised privileges, which allows remote attackers to (1) modify arbitrary registry entries via the ScriptLogic RPC service (SLRPC) or (2) modify arbitrary con... Read more

    Affected Products : scriptlogic
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1543

    Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message.... Read more

    Affected Products : java_http_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1475

    Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only prompts the first connection for authentication, which allows remote attackers to gain access.... Read more

    Affected Products : netbus
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2003-1238

    Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and earlier allows remote attackers to steal authentication information via cookies by injecting arbitrary HTML or script into op of the (1) Team, (2) News, and (3) Liens modules.... Read more

    Affected Products : nuked-klan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293186 Results