Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.4

    MEDIUM
    CVE-2006-3753

    setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash.... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3763

    SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : diesel_joke_site
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3766

    Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10.... Read more

    Affected Products : osdate
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3759

    Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."... Read more

    Affected Products : mybulletinboard
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3631

    Unspecified vulnerability in the SSH dissector in Wireshark (aka Ethereal) 0.9.10 to 0.99.0 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.... Read more

    Affected Products : enterprise_linux wireshark
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 3.6

    LOW
    CVE-2006-3589

    vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the S... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3689

    PHP remote file inclusion vulnerability in user-func.php in Codeworks Gnomedia SubberZ[Lite] allows remote attackers to execute arbitrary PHP code via a URL in the myadmindir parameter. NOTE: this issue has been disputed by a third party that claims that... Read more

    Affected Products : gnomedia_subberz
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3686

    Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 allows local users and "remote users" to cause a denial of service (crash).... Read more

    Affected Products : openvms openvms
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3627

    Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark (aka Ethereal) 0.10.11 to 0.99.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors.... Read more

    Affected Products : enterprise_linux wireshark
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3756

    Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and earlier, and 1.3.11sr6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when validating comments in (1) lib-comment.php (1.4.0sr4) or (2) c... Read more

    Affected Products : geeklog
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3630

    Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to 0.99.0 have unknown impact and remote attack vectors via the (1) NCP NMAS and (2) NDPS dissectors.... Read more

    Affected Products : enterprise_linux wireshark
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3761

    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url ... Read more

    Affected Products : mybulletinboard
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3679

    FatWire Content Server 5.5.0 allows remote attackers to bypass access restrictions and obtain administrative privileges via unspecified attack vectors in the authentication process.... Read more

    Affected Products : fatwire_content_server
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-3730

    Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads... Read more

    Affected Products : internet_explorer windows_xp ie
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3681

    Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter... Read more

    Affected Products : awstats awstats
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3717

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS03 and (2) APPS04 for Oracle Application Object Library; and (3) APPS20 for Oracle XML Gateway.... Read more

    Affected Products : e-business_suite
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3732

    Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1 ships with an Oracle database that contains several default accounts and passwords, which allows attackers to obtain sensitive information.... Read more

    Affected Products : cs-mars
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3683

    PHP remote file inclusion vulnerability in poll.php in Flipper Poll 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.... Read more

    Affected Products : flipper_poll
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3728

    Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structur... Read more

    Affected Products : solaris sunos
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3692

    PHP remote file inclusion vulnerability in enduser/listmessenger.php in ListMessenger 0.9.3 allows remote attackers to execute arbitrary PHP code via a URL in the lm_path parameter. NOTE: the vendor has disputed this issue to SecurityTracker, stating tha... Read more

    Affected Products : listmessenger
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294157 Results