Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-4420

    Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.... Read more

    Affected Products : phaos
    • Published: Aug. 28, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-4416

    Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.... Read more

    Affected Products : aix
    • Published: Aug. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-4380

    MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.... Read more

    Affected Products : mysql
    • Published: Aug. 28, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-4355

    Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal_easylinks_module
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-4359

    Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.... Read more

    Affected Products : powerzip
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4354

    PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter.... Read more

    Affected Products : phome_empire_cms
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-4364

    Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (... Read more

    Affected Products : mdaemon
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4357

    PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.... Read more

    Affected Products : diesel_smart_traffic
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4361

    Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters.... Read more

    Affected Products : diesel_job_site
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4358

    Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay allows remote attackers to inject arbitrary web script or HTML via the read parameter.... Read more

    Affected Products : diesel_pay
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4363

    PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.... Read more

    Affected Products : cropimage_component
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-4362

    Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid Mail allows remote attackers to inject arbitrary web script or HTML via the ps parameter.... Read more

    Affected Products : diesel_paid_mail
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 3.5

    LOW
    CVE-2006-4360

    Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : drupal_e-commerce_module
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4356

    SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : drupal_easylinks_module
    • Published: Aug. 27, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4377

    Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion ... Read more

    Affected Products : eichhorn_portal
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4372

    PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.... Read more

    Affected Products : constructor_component
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4375

    PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researche... Read more

    Affected Products : contacts_xtd_component
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4367

    SQL injection vulnerability in alltopics.php in the All Topics Hack 1.5.0 and earlier for phpBB 2.0.21 allows remote attackers to execute arbitrary SQL commands via the start parameter.... Read more

    Affected Products : all_topics_hack
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3124

    Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers.... Read more

    Affected Products : streamripper
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-4365

    Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/functions_mod_user.php or (2) includes/functions_portal.php.... Read more

    Affected Products : vistabb
    • Published: Aug. 26, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294848 Results