Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2003-1339

    Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotoshare, (b) eZmeeting, (c) eZnetwork, and (d) eZshare allows remote attackers to cause a denial of service (crash) or execute arbitrary code, as demonstrated via (1) a long GET request and ... Read more

    Affected Products : ezmeeting
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1375

    Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local users to execute arbitrary code by calling wall with a large file as an argument.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1275

    Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.... Read more

    Affected Products : pocket_ie
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1509

    Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file befo... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1498

    Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter.... Read more

    Affected Products : zoom_search_engine
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1005

    The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1500

    PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote attackers to execute arbitrary code via the prefix parameter.... Read more

    Affected Products : cpcommerce
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.8

    MEDIUM
    CVE-2003-1401

    login.php in php-Board 1.0 stores plaintext passwords in $username.txt with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information via a direct request.... Read more

    Affected Products : php_board
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1467

    Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.... Read more

    Affected Products : linux_kernel phorum all_windows unix
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1231

    Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.... Read more

    Affected Products : ecw-shop
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2003-1306

    Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header ... Read more

    Affected Products : urlscan
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1450

    BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to cause a denial of service (segmentation fault) via a malformed RPL_NAMREPLY numeric 353 message.... Read more

    Affected Products : bitchx
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1455

    Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c in PoPToP 1.1.4-b1 through PoPToP 1.1.4-b3 allow local users to execute arbitrary code.... Read more

    Affected Products : pptp_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1087

    Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1294

    Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwr... Read more

    Affected Products : xscreensaver
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1356

    The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors.... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1469

    The default configuration of ColdFusion MX has the "Enable Robust Exception Information" option selected, which allows remote attackers to obtain the full path of the web server via a direct request to CFIDE/probe.cfm, which leaks the path in an error mes... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2003-1521

    Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.... Read more

    Affected Products : java_plug-in
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1520

    SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.... Read more

    Affected Products : myclassifieds
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1516

    The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed ap... Read more

    Affected Products : java_plug-in
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293555 Results