Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2003-1397

    The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1466

    Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.... Read more

    Affected Products : phorum
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1551

    Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before Revision F has unknown impact and attack vectors related to "malicious script."... Read more

    Affected Products : groupwise
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2003-1424

    message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.... Read more

    Affected Products : petitforum
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2003-1564

    libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested e... Read more

    Affected Products : libxml2
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1529

    Directory traversal vulnerability in Seagull Software Systems J Walk application server 3.2C9, and other versions before 3.3c4, allows remote attackers to read arbitrary files via a ".%252e" (encoded dot dot) in the URL.... Read more

    Affected Products : j_walk_application_server
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-0249

    PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: thi... Read more

    Affected Products : php
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1402

    PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2.3 allows remote attackers to execute arbitrary PHP code via the url_hit parameter, a different vulnerability than CVE-2006-5015.... Read more

    Affected Products : kietu
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2003-1407

    Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.... Read more

    Affected Products : windows_nt
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1559

    Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2003-1539

    Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.... Read more

    Affected Products : simple_file_manager
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1248

    H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.... Read more

    Affected Products : h-sphere
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1092

    Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.... Read more

    Affected Products : file_1
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1104

    Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : tivoli_firewall_toolbox
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2003-1276

    Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\Software\MediaRing.com\SDK\NetTelephone\settings registry key, which could allow local users to gain unauthorized a... Read more

    Affected Products : nettelephone
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1118

    Buffer overflow in the SETI@home client 3.03 and other versions allows remote attackers to cause a denial of service (client crash) and execute arbitrary code via a spoofed server response containing a long string followed by a \n (newline) character.... Read more

    Affected Products : seti_at_home
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1266

    The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.... Read more

    Affected Products : eserv
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2003-1102

    Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code.... Read more

    Affected Products : cyberdocs
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2003-1261

    Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard.... Read more

    Affected Products : cuteftp
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2003-1103

    SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.... Read more

    Affected Products : cyberdocs
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 294354 Results