Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.3

    MEDIUM
    CVE-2003-1524

    PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch user function in Windows XP is used, which could allow local users to access data on another user's PGP partition.... Read more

    Affected Products : pgpdisk
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 1.7

    LOW
    CVE-2003-0986

    Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to caus... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1109

    The Session Initiation Protocol (SIP) implementation in multiple Cisco products including IP Phone models 7940 and 7960, IOS versions in the 12.2 train, and Secure PIX 5.2.9 to 6.2.2 allows remote attackers to cause a denial of service and possibly execut... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1066

    Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.... Read more

    Affected Products : solaris sunos
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.4

    MEDIUM
    CVE-2003-1444

    Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial of service (CPU consumption or crash) and prevent malicious code from being detected via a file with a long pathname.... Read more

    Affected Products : kaspersky_anti-virus
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1449

    Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the entire stream of Content Vectoring Protocol (CVP) data, which allows remote attackers to bypass virus protection.... Read more

    Affected Products : esafe_gateway
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1540

    WF-Chat 1.0 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain authentication information via a direct request to (1) !pwds.txt and (2) !nicks.txt.... Read more

    Affected Products : wfchat
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1440

    SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.... Read more

    Affected Products : spamprobe
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1458

    SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.... Read more

    Affected Products : ttforum ttcms
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1454

    Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.... Read more

    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1520

    SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.... Read more

    Affected Products : myclassifieds
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1461

    Buffer overflow in rwrite for HP-UX 11.0 could allow local users to execute arbitrary code via a long argument. NOTE: the vendor was unable to reproduce the problem on a system that had been patched for an lp vulnerability (CVE-2002-1473).... Read more

    Affected Products : hp-ux
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.3

    MEDIUM
    CVE-2003-1471

    MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service (crash) via a (1) DELE or (2) UIDL with a negative number.... Read more

    Affected Products : mdaemon
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2003-1463

    Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2.0.0 through 2.0.2 allows remote attackers with administrator privileges to (1) determine the installation path by reading the contents of the Name parameter in a link, and (2) read arb... Read more

    Affected Products : webadmin all_windows
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1489

    upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.... Read more

    Affected Products : truegalerie
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1491

    Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.... Read more

    Affected Products : personal_firewall
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 8.8

    HIGH
    CVE-2003-1378

    Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.... Read more

    Affected Products : outlook outlook_express
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1091

    Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streaming Server 4.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed ID3 tags in MP3 files.... Read more

    Affected Products : quicktime_broadcaster
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1420

    Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1215

    SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.... Read more

    Affected Products : phpbb
    • Published: Dec. 29, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293629 Results