Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-5097

    PHP remote file inclusion vulnerability in index.php in net2ftp, possibly 0.1 through 0.62, allows remote attackers to execute arbitrary PHP code via a URL in the application_rootdir parameter. NOTE: this issue has been disputed by a third party researche... Read more

    Affected Products : net2ftp
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5093

    PHP remote file inclusion vulnerability in index.php in Tagmin Control Center in TagIt! Tagboard 2.1.B Build 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : tagmin_control_center
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5096

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in VirtueMart (formerly known as mambo-phpShop) Joomla! eCommerce Edition CMS 1.0.11, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Itemid param... Read more

    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5087

    Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter in (1) track.php or (2) connect.php.... Read more

    Affected Products : evobb
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5088

    PHP remote file inclusion vulnerability in connected_users.lib.php3 in phpHeaven phpMyChat 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter.... Read more

    Affected Products : phpmychat
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5092

    PHP remote file inclusion vulnerability in navigation/menu.php in A-Blog 2 allows remote attackers to execute arbitrary PHP code via a URL in the navigation_start parameter.... Read more

    Affected Products : a-blog
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.2

    HIGH
    CVE-2006-5091

    Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5089

    PHP remote file inclusion vulnerability in mybic_server.php in Jim Plush My-BIC 0.6.5 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter. NOTE: the provenance of this information is unknown; the details are obtained fro... Read more

    Affected Products : my-bic
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.8

    MEDIUM
    CVE-2006-5090

    Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index... Read more

    Affected Products : phoenix_evolution_cms
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-4247

    Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."... Read more

    Affected Products : plone
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.0

    MEDIUM
    CVE-2006-4925

    packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.... Read more

    Affected Products : openssh
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 6.4

    MEDIUM
    CVE-2006-5086

    Blog Pixel Motion 2.1.1 allows remote attackers to change the username and password for the admin user via a direct request to insere_base.php with modified (1) login and (2) pass parameters. NOTE: this issue was claimed to be SQL injection by the origin... Read more

    Affected Products : pixel_motion_blog
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5077

    PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Chris Smith Minerva Build 238 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : minerva
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5082

    Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before 4.2.1 Patch C (20060917) has unspecified impact, related to code execution, and unspecified attack vectors.... Read more

    Affected Products : sugar_suite
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.8

    HIGH
    CVE-2006-5073

    Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.... Read more

    Affected Products : solaris sunos
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5081

    PHP remote file inclusion vulnerability in acc.php in QuickBlogger (QB) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : quickblogger
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5079

    PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter.... Read more

    Affected Products : pabugs
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 5.1

    MEDIUM
    CVE-2006-5074

    Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the alert parameter.... Read more

    Affected Products : php_invoice
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.5

    HIGH
    CVE-2006-5076

    Multiple PHP remote file inclusion vulnerabilities in OpenConcept Back-End 0.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the includes_path parameter in (1) admin/index.php, (2) Facts.php, or (3) search.php.... Read more

    Affected Products : back-end_cms
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025

  • 7.8

    HIGH
    CVE-2006-5075

    The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.... Read more

    Affected Products : solaris
    • Published: Sep. 29, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 294846 Results