Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-3324

    The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as con... Read more

    Affected Products : quake_3_engine
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-3331

    Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.... Read more

    Affected Products : opera_browser
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3329

    SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.... Read more

    Affected Products : php_classifieds
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3333

    Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error ... Read more

    Affected Products : zorum
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-3334

    Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," pos... Read more

    Affected Products : libpng
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-3330

    Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the (1) ProductName ("Title" field), (2) url, and (3) Description parameters, possibly relat... Read more

    Affected Products : php_classifieds
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-2934

    SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux kernel 2.6.17 before 2.6.17.3 and 2.6.16 before 2.6.16.23 allows remote attackers to cause a denial of service (crash) via a packet without any chunks, which causes a variable to contain an... Read more

    Affected Products : linux_kernel enterprise_linux
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3322

    SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.... Read more

    Affected Products : phpraid
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 1.2

    LOW
    CVE-2006-3118

    spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary f... Read more

    Affected Products : spread
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2006-2198

    OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user.... Read more

    Affected Products : enterprise_linux openoffice staroffice
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2006-2199

    Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents... Read more

    Affected Products : enterprise_linux openoffice staroffice
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 7.6

    HIGH
    CVE-2006-3117

    Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) I... Read more

    Affected Products : enterprise_linux openoffice staroffice
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3321

    Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters.... Read more

    Affected Products : openforum
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-3320

    Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter.... Read more

    Affected Products : sitebar
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-3319

    Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.... Read more

    Affected Products : php_icalendar
    • Published: Jun. 30, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1467

    Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (S... Read more

    Affected Products : itunes
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3115

    SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.... Read more

    Affected Products : phpraid
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3317

    PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316... Read more

    Affected Products : phpraid
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3116

    Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 and 3.0.5 allow remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) configuration.php, (3) guilds.php, (4) index.php, (5) locations.php, (6) login.php... Read more

    Affected Products : phpraid
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-3318

    SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.... Read more

    Affected Products : phpraid
    • Published: Jun. 29, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293947 Results