Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-5428

    rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's privileges for a display_get_requesters operation, which allows remote attackers to bypass the GUI login and obtain sensitive information (ticket data) via a direct request.... Read more

    Affected Products : cerberus_helpdesk
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5425

    XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote attackers to cause a denial of service (application crash) via an Open Shortest Path First (OSPF) Link State Advertisement (LSA) with an invalid LSA length field.... Read more

    Affected Products : extensible_open_router_platform
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5431

    PHP remote file inclusion vulnerability in gorum/dbproperty.php in PHPOutsourcing Zorum 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the appDirName parameter.... Read more

    Affected Products : zorum
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5429

    Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the renderer parameter in template.tpl.php in (1) templates/barrel/, (2) templates/sidebar/, (3) tem... Read more

    Affected Products : brim
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5427

    PHP remote file inclusion vulnerability in plugins/main.php in Php AMX 0.9.0, when register_globals is enabled or magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plug_path parameter.... Read more

    Affected Products : php_amx
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5423

    PHP remote file inclusion vulnerability in admin/admin_module.php in Lou Portail 1.4.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the g_admin_rep parameter. NOTE: the provenance of this information is unknown... Read more

    Affected Products : lou_portail
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5430

    Cross-site scripting (XSS) vulnerability in the search functionality in db-central (dbc) Enterprise CMS and db-central CMS allows remote attackers to inject arbitrary web script or HTML via the needle parameter. NOTE: the provenance of this information i... Read more

    Affected Products : cms enterprise_cms
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5409

    Multiple SQL injection vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5422

    PHP remote file inclusion vulnerability in calcul-page.php in Lodel (patchlodel) 0.7.3 allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.... Read more

    Affected Products : lodel_cms
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5421

    WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has ... Read more

    Affected Products : wsn_forum
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5417

    McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple McAfee products possibly including Internet Security Suite, Personal Firewall Plus, and VirusScan, allows remote attackers to cause a denial of service (agent crash) via a long packet, poss... Read more

    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5410

    PHP remote file inclusion vulnerability in templates/tmpl_dfl/scripts/index.php in BoonEx Dolphin 5.2 allows remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter. NOTE: it is possible that this issue overlaps CVE-2006-4189.... Read more

    Affected Products : dolphin
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5411

    Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.... Read more

    Affected Products : freewps
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5419

    PHP remote file inclusion vulnerability in client.php in University of Glasgow Specimen Image Database (SID), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter.... Read more

    Affected Products : specimen_image_database
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5416

    Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 Networks FirePass 1000 SSL VPN 5.5, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the sid parameter.... Read more

    Affected Products : firepass_1000
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5412

    admin.php in PHP Outburst Easynews 4.4.1 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication, and gain the ability to execute arbitrary code, via the en_login_id parameter.... Read more

    Affected Products : easynews
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5413

    Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 for YABB (YaBBSM) allow remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter to (1) Offline.php, (2) Sources/Admin.php, (3) Sources/Offline.php, or (4) con... Read more

    Affected Products : supermod
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5415

    PHP remote file inclusion vulnerability in includes/functions_newshr.php in the News Defilante Horizontale 4.1.1 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : news_defilante_horizontale
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5408

    Multiple cross-site scripting (XSS) vulnerabilities in the wireless IDS management interface for Highwall Enterprise and Highwall Endpoint 4.0.2.11045 allow remote attackers to inject arbitrary HTML or web script via unspecified vectors.... Read more

    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5420

    Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses.... Read more

    Affected Products : winroute_firewall
    • Published: Oct. 20, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294723 Results