Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-1999-1263

    Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as s... Read more

    Affected Products : metamail
    • Published: Aug. 15, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1088

    Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.... Read more

    Affected Products : zorum
    • Published: Aug. 11, 2003
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2003-0499

    Mantis 0.17.5 and earlier stores its database password in cleartext in a world-readable configuration file, which allows local users to perform unauthorized database operations.... Read more

    Affected Products : mantis
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0497

    Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.... Read more

    Affected Products : cache_database
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0508

    Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Reader (acroread) 5.0.7 and earlier allows remote attackers to execute arbitrary code via a .pdf file with a long mailto link.... Read more

    Affected Products : acrobat_reader
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0490

    The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs wi... Read more

    Affected Products : retrospect_client
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0455

    The imagemagick libmagick library 5.5 and earlier creates temporary files insecurely, which allows local users to create or overwrite arbitrary files.... Read more

    Affected Products : libmagick_library
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0506

    Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.... Read more

    Affected Products : netmeeting
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0477

    wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument.... Read more

    Affected Products : wzdftpd
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-0505

    Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.... Read more

    Affected Products : netmeeting
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0498

    Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.... Read more

    Affected Products : cache_database
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0493

    Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as other users by stealing and replaying the encrypted password after obtaining a valid session ID.... Read more

    Affected Products : snitz_forums_2000
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0478

    Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attacke... Read more

    Affected Products : adromedeircd methane digatech ircd-ru ircd
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0495

    Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote attackers to insert arbitrary web script via a news item.... Read more

    Affected Products : lednews
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-0492

    Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forums 3.4.03 and earlier allows remote attackers to execute arbitrary web script via the Search parameter.... Read more

    Affected Products : snitz_forums_2000
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0469

    Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 ... Read more

    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0500

    SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.... Read more

    Affected Products : proftpd
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0449

    Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or... Read more

    Affected Products : database
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0453

    traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overfl... Read more

    Affected Products : traceroute-nanog
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0487

    Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl ... Read more

    Affected Products : kerio_mailserver
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293609 Results