Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-5558

    Format string vulnerability in the swask command in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via format string specifiers in the -s argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details ... Read more

    Affected Products : hp-ux
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5565

    CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.ph... Read more

    Affected Products : md-pro
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5563

    Unspecified vulnerability in Yahoo! Messenger (Service 18) before 8.1.0.195 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted room name in a Conference Invite. NOTE: the provenance of this informa... Read more

    Affected Products : messenger
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025

  • 4.6

    MEDIUM
    CVE-2006-5556

    Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.... Read more

    Affected Products : hp-ux
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5567

    Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.... Read more

    Affected Products : winamp
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5545

    Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay.... Read more

    Affected Products : mail_security
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5552

    Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a long argument to the (1) MAIL FROM or (2) RCPT TO comma... Read more

    Affected Products : revilloc_mailserver
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5536

    Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. (dot dot) in the getpage parameter.... Read more

    Affected Products : dsl-g624t
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5546

    PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open Tibia Server Content Management System (OTSCMS) 1.3.0 through 1.4.1 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][otscms][directories][classes] p... Read more

    Affected Products : otscms
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5532

    Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT Gallery System 2.0 allows remote attackers to inject arbitrary web script or HTML via the kw parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : xoops_rmsoft_gallery_system
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5533

    Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter in template/barnraiser_01/pol_view.t... Read more

    Affected Products : aroundme
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5549

    PHP remote file inclusion vulnerability in libraries/amfphp/amf-core/custom/CachedGateway.php in Adobe PHP SDK allows remote attackers to execute arbitrary PHP code via the AMFPHP_BASE parameter. NOTE: this issue has been disputed by a third-party resear... Read more

    Affected Products : adobe_php_ria_sdk
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5555

    PHP remote file inclusion vulnerability in constantes.inc.php in EPNadmin 0.7 and 0.7.1 allows remote attackers to execute arbitrary PHP code via the langage parameter.... Read more

    Affected Products : epnadmin
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5539

    PHP remote file inclusion vulnerability in login/secure.php in UeberProject Management System 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg[homepath] parameter.... Read more

    Affected Products : ueberproject_management_system
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.0

    MEDIUM
    CVE-2006-5541

    backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY.... Read more

    Affected Products : postgresql
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5528

    Directory traversal vulnerability in mod.php in SchoolAlumni Portal 2.26 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : schoolalumni_portal
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5527

    PHP remote file inclusion vulnerability in lib.editor.inc.php in Intelimen InteliEditor 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the sys_path parameter.... Read more

    Affected Products : intelieditor
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 4.3

    MEDIUM
    CVE-2006-5534

    Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: so... Read more

    Affected Products : online_shop
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5526

    Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the foing_root_path parameter in (a) faq.php, (b)... Read more

    Affected Products : fully_modded_phpbb
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5554

    Directory traversal vulnerability in index.php in Imageview 5 allows remote attackers to read or execute arbitrary local files via a .. (dot dot) in the user_settings cookie, as demonstrated by using the MyFile parameter in albumview.php to upload a text/... Read more

    Affected Products : imageview
    • Published: Oct. 26, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294850 Results