Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-4595

    muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes.... Read more

    Affected Products : muforum
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4603

    NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password.... Read more

    Affected Products : swift_sound_web_dictate
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4621

    PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtai... Read more

    Affected Products : pheap_cms
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4618

    PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter.... Read more

    Affected Products : adodb
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4622

    PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : annoncev
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4612

    SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter.... Read more

    Affected Products : zixforum
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4609

    Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.in... Read more

    Affected Products : phpprojekt
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-4613

    Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is pos... Read more

    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4605

    PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.... Read more

    Affected Products : jacome_php-revista
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 2.3

    LOW
    CVE-2006-4600

    slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).... Read more

    Affected Products : openldap
    • Published: Sep. 07, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-4585

    SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers ... Read more

    Affected Products : tr_forum
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4588

    vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.... Read more

    Affected Products : vtiger_crm
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4590

    SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this infor... Read more

    Affected Products : js_asp_faq_manager
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4591

    Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment... Read more

    Affected Products : template_seller
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4583

    Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedati... Read more

    Affected Products : flashchat
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4594

    Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the ... Read more

    Affected Products : php_advanced_transfer_manager
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-4593

    Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.... Read more

    Affected Products : softbb
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4584

    Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.... Read more

    Affected Products : tr_forum
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.5

    MEDIUM
    CVE-2006-4586

    The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php,... Read more

    Affected Products : tr_forum
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4589

    PHP remote file inclusion vulnerability in 0_admin/modules/Wochenkarte/frontend/index.php in DynCMS 6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the x_admindir parameter.... Read more

    Affected Products : dyncms
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294632 Results