Latest CVE Feed
- 7.5 HIGH: CVE-2006-3292
  SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
  - Affected Products: jaws
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.0 MEDIUM: CVE-2006-3290
  HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct UR...
  - Affected Products: wireless_control_system
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3287
  Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391).
  - Affected Products: wireless_control_system
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 9.3 HIGH: CVE-2006-3291
  The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security an...
  - Affected Products: ios
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3270
  SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions...
  - Affected Products: thorcms
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.0 MEDIUM: CVE-2006-3272
  Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is u...
  - Affected Products: some_chess
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 2.6 LOW: CVE-2006-3284
  Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php.
  - Affected Products: dating_agent_pro
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.1 MEDIUM: CVE-2006-3269
  PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.
  - Affected Products: thorcms
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.0 MEDIUM: CVE-2006-3282
  requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.
  - Affected Products: dating_agent_pro
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3283
  SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php.
  - Affected Products: dating_agent_pro
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3271
  Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c)...
  - Affected Products: dating_script
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3275
  SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
  - Affected Products: yabb
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.1 MEDIUM: CVE-2006-3281
  Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose ...
  - Affected Products: internet_explorer
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.0 MEDIUM: CVE-2006-3274
  Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
  - Affected Products: webmin
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3285
  The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (a...
  - Affected Products: wireless_control_system
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 4.3 MEDIUM: CVE-2006-3279
  Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php.
  - Affected Products: aedating
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 7.5 HIGH: CVE-2006-3280
  Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Lo...
  - Affected Products: internet_explorer
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 5.0 MEDIUM: CVE-2006-3277
  The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte ...
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 2.6 LOW: CVE-2006-3278
  Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hs...
  - Affected Products: h-sphere
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025
- 2.6 LOW: CVE-2006-3273
  Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field).
  - Affected Products: some_chess
  - Published: Jun. 28, 2006
  - Modified: Apr. 03, 2025