Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2006-4456

    PHP remote file inclusion vulnerability in functions.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.... Read more

    Affected Products : phpecard
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4457

    PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtaine... Read more

    Affected Products : phpecard
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-4458

    Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info]... Read more

    Affected Products : phpgroupware
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4244

    SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and ... Read more

    Affected Products : sql-ledger
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4453

    Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "table markups".... Read more

    Affected Products : pmwiki
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4452

    PHP remote file inclusion vulnerability in security/include/_class.security.php in Web3news 0.95 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PHPSECURITYADMIN_PATH parameter.... Read more

    Affected Products : web3news
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4454

    Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.... Read more

    Affected Products : hlstats
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4455

    Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6... Read more

    Affected Products : xchat
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4449

    Cross-site scripting (XSS) vulnerability in attachment.php in MyBulletinBoard (MyBB) 1.1.7 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via a GIF image that contains URL-encoded Javascript, which is rendered b... Read more

    Affected Products : mybulletinboard
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4446

    Heap-based buffer overflow in DirectAnimation.PathControl COM object (daxctle.ocx) in Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Spline function call whose first argum... Read more

    Affected Products : internet_explorer ie
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-4447

    X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls t... Read more

    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4451

    Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.... Read more

    Affected Products : cj_tag_board
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4448

    Multiple PHP remote file inclusion vulnerabilities in interact 2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[BASE_PATH] parameter in (a) admin/autoprompter.php and (b) includes/comm... Read more

    Affected Products : interact
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-4305

    Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.... Read more

    Affected Products : maxdb sap-db
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4450

    usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, allows remote attackers to use the server as a web proxy by submitting a URL to the avatarurl parameter, which is then used in an HTTP GET request.... Read more

    Affected Products : phpbb phpbb
    • Published: Aug. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4445

    Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any... Read more

    Affected Products : cutenews
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4441

    Multiple PHP remote file inclusion vulnerabilities in Ay System Solutions CMS 2.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path[ShowProcessHandle] parameter to (1) home.php or (2) impressum.php. NOTE: the provenan... Read more

    Affected Products : ay_system_solutions_cms
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-4439

    pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a dif... Read more

    Affected Products : solaris
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-4442

    Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.95 allows remote attackers to inject arbitrary web script or HTML via the cat_name parameter, related to adding a category. (categories field). NOTE: some details are obtained from thi... Read more

    Affected Products : php_iaddressbook
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4443

    PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft Video Share Enterprise allows remote attackers to execute arbitrary PHP code via a URL in the config[BASE_DIR] parameter.... Read more

    Affected Products : video_share_enterprise
    • Published: Aug. 29, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294289 Results