Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2003-0585

    SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.... Read more

    Affected Products : estore
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0579

    uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-supplied -uv.install command line option to find and execute the uv.install program, which allows local users to gain privileges by providing a pathname that is under control of the user.... Read more

    Affected Products : u2_universe
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-0518

    The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0557

    SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.... Read more

    Affected Products : storefront
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2003-0517

    faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.... Read more

    Affected Products : mgetty
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0574

    Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly earlier versions, allows local users to cause a core dump in scheme and possibly gain privileges via certain environment variables, a different vulnerability than CVE-2001-0797 and CVE-1... Read more

    Affected Products : irix
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0586

    Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain sensitive path information via a direct HTTP request to settings.inc.php.... Read more

    Affected Products : estore
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 6.9

    MEDIUM
    CVE-2003-0587

    Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.x allows remote authenticated users to execute arbitrary web script and gain administrative access via the "displayed name" attribute of the "ubber" cookie.... Read more

    Affected Products : ultimate_bulletin_board
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2001-1410

    Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via... Read more

    Affected Products : internet_explorer
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0577

    mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size.... Read more

    Affected Products : mpg123
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2003-0192

    Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which could ... Read more

    Affected Products : http_server
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-1999-1263

    Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as s... Read more

    Affected Products : metamail
    • Published: Aug. 15, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1088

    Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 and 3.5 allows remote attackers to inject arbitrary web script or HTML via the method parameter.... Read more

    Affected Products : zorum
    • Published: Aug. 11, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0500

    SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.... Read more

    Affected Products : proftpd
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0490

    The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, and possibly other versions, creates critical directories and files with world-writable permissions, which allows local users to gain privileges as other users by replacing programs wi... Read more

    Affected Products : retrospect_client
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-0497

    Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.... Read more

    Affected Products : cache_database
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0482

    TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code.... Read more

    Affected Products : tutos
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2003-0488

    Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.... Read more

    Affected Products : kerio_mailserver
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-0481

    Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php.... Read more

    Affected Products : tutos
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 3.7

    LOW
    CVE-2003-0480

    VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."... Read more

    Affected Products : workstation
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293620 Results