Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5209

    PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path p... Read more

    Affected Products : phpbb phpbb
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-5213

    Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).... Read more

    Affected Products : solaris
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5176

    Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".... Read more

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 4.9

    MEDIUM
    CVE-2006-3741

    The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and 2.6 before 2.6.18, when running on Itanium systems, does not properly track the reference count for file descriptors, which allows local users to cause a denial of service (file descrip... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5155

    PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.... Read more

    Affected Products : videodb
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-5161

    IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page.... Read more

    Affected Products : client_security_password_manager
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5152

    Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue ... Read more

    Affected Products : internet_explorer
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 8.1

    HIGH
    CVE-2006-5160

    Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states ... Read more

    Affected Products : firefox
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5149

    Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the page parameter to shared/help.php or (2) the tab parameter to shared/header.php.... Read more

    Affected Products : openbiblio
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5164

    Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters.... Read more

    Affected Products : digishop
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5162

    wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow.... Read more

    Affected Products : internet_explorer
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5167

    Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) com... Read more

    Affected Products : basilix_webmail
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5145

    Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter in details.php or the (2) query parameter in search.php.... Read more

    Affected Products : olatedownload
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5165

    PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.... Read more

    Affected Products : ppa_gallery
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5144

    Cross-site scripting (XSS) vulnerability in userupload.php in OlateDownload 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the description_small parameter.... Read more

    Affected Products : olatedownload
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 3.6

    LOW
    CVE-2006-5163

    IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.... Read more

    Affected Products : informix_dynamic_server
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5148

    Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) mem... Read more

    Affected Products : forum82
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-5153

    The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInf... Read more

    Affected Products : personal_firewall
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5154

    PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter.... Read more

    Affected Products : deluxebb
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-5151

    Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294850 Results