Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.8

    MEDIUM
    CVE-2006-4553

    PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.... Read more

    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-4543

    Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mo... Read more

    Affected Products : hlstats
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 6.5

    MEDIUM
    CVE-2006-4547

    Lyris ListManager 8.95 allows remote authenticated users to obtain sensitive information by attempting to add a user with a ' (single quote) character in the name, which reveals the details of the underlying SQL query, possibly because of a forced SQL err... Read more

    Affected Products : list_manager
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4549

    CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.... Read more

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4548

    e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_inclu... Read more

    Affected Products : e107
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4554

    Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power... Read more

    Affected Products : compression_plus
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4557

    PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has stated that an attacker cannot control the ty... Read more

    Affected Products : discloser
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2941

    Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".... Read more

    Affected Products : enterprise_linux mailman
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4095

    BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.... Read more

    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4096

    BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.... Read more

    Affected Products : bind
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4459

    Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.... Read more

    Affected Products : anywhere_usb5
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4545

    PHP remote file inclusion vulnerability in ModuleBased CMS Pre-Alpha allows remote attackers to execute arbitrary PHP code via the _SERVER parameter in (1) admin/avatar.php, (2) libs/archive.class.php, (3) libs/login.php, (4) libs/profiles.class.php, and ... Read more

    Affected Products : modulebased_cms
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4550

    Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check.... Read more

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4562

    The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE: another researcher has stated that the default configurat... Read more

    Affected Products : gateway_security
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4560

    Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser's session with an arbitrary intranet web server, by hosting script on an Internet web server that can be made inaccessible by the a... Read more

    Affected Products : internet_explorer ie
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4551

    Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.... Read more

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4555

    Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control.... Read more

    Affected Products : cr64loader_activex_control
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4559

    Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category... Read more

    Affected Products : yet_another_community_system_cms
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3126

    c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.... Read more

    Affected Products : capi4hylafax
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-4552

    Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.... Read more

    Affected Products : feedsplitter
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294283 Results