Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2006-1381

    Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.... Read more

    Affected Products : officescan
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-1379

    Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.... Read more

    Affected Products : pc-cillin_2006
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1373

    Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.... Read more

    Affected Products : php_live
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1374

    SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.... Read more

    Affected Products : adman
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1372

    Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.... Read more

    Affected Products : 1webcalendar
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-1378

    PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generati... Read more

    Affected Products : password_safe
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1377

    Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.... Read more

    Affected Products : comoblog easymoblog
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1375

    AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.... Read more

    Affected Products : adman
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1376

    The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).... Read more

    Affected Products : debian_linux
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1369

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.... Read more

    Affected Products : invision_power_board
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-0323

    Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value ... Read more

    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1368

    Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be all... Read more

    Affected Products : linux_kernel
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-1366

    Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other Motorola P2K-based phones, allows remote attackers to cause a denial of service (device shutdown), and possibly execute arbitrary code, via a long OBEX setpath to the OBEX File Transfer... Read more

    Affected Products : pebl_u6
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 9.0

    HIGH
    CVE-2006-1371

    Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php.... Read more

    Affected Products : cms
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-1370

    Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious... Read more

    Affected Products : realplayer realone_player
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1365

    The Motorola PEBL U6, the Motorola V600, and possibly the Motorola E398 and other Motorola phones allow remote attackers to add an entry for their own Bluetooth device to a target device's list of trusted devices (aka Device History), and possibly obtain ... Read more

    Affected Products : e398 pebl_u6 v600
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1367

    The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to ob... Read more

    Affected Products : pebl_u6 v600
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-1283

    opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root acco... Read more

    Affected Products : freebsd
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0999

    The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote... Read more

    Affected Products : netware open_enterprise_server
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1363

    images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct reques... Read more

    Affected Products : freewps
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293577 Results