Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5216

    Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.... Read more

    Affected Products : simple_httpd
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5220

    Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the webyep_sIncludePath in (1) files in the programm/lib/ directory including (a) WYApplication.... Read more

    Affected Products : webyep
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-5211

    Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for SMB 2.0 before 6.0.0.1385, and OfficeScan Corporate Edition (OSCE) 6.5 before 6.5.0.1418, 7.0 before 7.0.0.1257, and 7.3 before 7.3.0.1053 allow remote attackers to remove OfficeScan cl... Read more

    Affected Products : officescan_corporate_edition
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.9

    MEDIUM
    CVE-2006-3741

    The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descrip... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5156

    Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.... Read more

    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5166

    PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter.... Read more

    Affected Products : easy_banner_free easy_banner_free
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5147

    PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter.... Read more

    Affected Products : vamp_webmail
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5157

    Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Cl... Read more

    Affected Products : officescan officescan
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5151

    Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5154

    PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.... Read more

    Affected Products : deluxebb
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5159

    Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issu... Read more

    Affected Products : firefox
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5146

    Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php.... Read more

    Affected Products : yblog
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-4511

    Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted HTTP POST request to TCP port 8300 with a modified val parameter, which triggers a null dereference related to "zero... Read more

    Affected Products : groupwise_messenger
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5158

    The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and... Read more

    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-5163

    IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.... Read more

    Affected Products : informix_dynamic_server
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.5

    MEDIUM
    CVE-2006-5150

    SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : openbiblio
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5148

    Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) mem... Read more

    Affected Products : forum82
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5153

    The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInf... Read more

    Affected Products : personal_firewall
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-5161

    IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.... Read more

    Affected Products : client_security_password_manager
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5165

    PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.... Read more

    Affected Products : ppa_gallery
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294850 Results