Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2003-1186

    Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.... Read more

    Affected Products : simplewebserver
    • Published: Oct. 29, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1151

    Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.... Read more

    Affected Products : netfile_ftp_web_server
    • Published: Oct. 28, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1183

    The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.... Read more

    Affected Products : oracle_files
    • Published: Oct. 28, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1139

    Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.... Read more

    Affected Products : musicqueue
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1137

    Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.... Read more

    Affected Products : sh-httpd
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1150

    Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.... Read more

    Affected Products : netware zenworks_desktops
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1140

    Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.... Read more

    Affected Products : musicqueue
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1060

    The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.... Read more

    Affected Products : solaris sunos
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1149

    Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.... Read more

    Affected Products : norton_internet_security
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1138

    The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double slash ... Read more

    Affected Products : linux interchange
    • Published: Oct. 27, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1148

    Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_... Read more

    Affected Products : les_visiteurs
    • Published: Oct. 25, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1181

    Advanced Poll 2.0.2 allows remote attackers to obtain sensitive information via an HTTP request to info.php, which invokes the phpinfo() function.... Read more

    Affected Products : advanced_poll
    • Published: Oct. 25, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1136

    Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.... Read more

    Affected Products : chi_kien_uong_guestbook
    • Published: Oct. 23, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0709

    Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.... Read more

    Affected Products : whois
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2003-0726

    RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated u... Read more

    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0751

    SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.... Read more

    Affected Products : py-membres
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0732

    CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to obtain restricted information and possibly gain administrative privileges by changing the "guest" user to the Admin user on the Modify or delete users pages.... Read more

    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0731

    CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and ... Read more

    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0754

    nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication.... Read more

    Affected Products : newsphp
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0708

    Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.... Read more

    Affected Products : linuxnode
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293364 Results