Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-1391

    The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL.... Read more

    • Published: Mar. 25, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1388

    Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.... Read more

    Affected Products : internet_explorer ie
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0816

    Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.... Read more

    Affected Products : orion_application_server
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-1380

    ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying ISNTSysMonito... Read more

    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1384

    Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the web console in IBM Tivoli Business Systems Manager (TBSM) before 3.1.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter.... Read more

    Affected Products : tivoli_business_systems_manager
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1382

    PHP remote file inclusion vulnerability in impex/ImpExData.php in vBulletin ImpEx module 1.74, when register_globals is disabled, allows remote attackers to include arbitrary files via the systempath parameter.... Read more

    Affected Products : impex
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-1383

    Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on wh... Read more

    Affected Products : baby_ftp_server
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-1385

    Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a 802.11 management frame.... Read more

    Affected Products : kismac
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1381

    Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.... Read more

    Affected Products : officescan
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.2

    HIGH
    CVE-2006-1379

    Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe.... Read more

    Affected Products : pc-cillin_2006
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1373

    Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.... Read more

    Affected Products : php_live
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-1374

    SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 and earlier allows remote attackers to execute arbitrary SQL commands via the transactions_offset parameter.... Read more

    Affected Products : adman
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1372

    Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.... Read more

    Affected Products : 1webcalendar
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-1378

    PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator (C++ rand function) during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generati... Read more

    Affected Products : password_safe
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-1377

    Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog 0.5.1 and (2) CoMoblog 1.1 allows remote attackers to inject arbitrary web script or HTML via the i parameter.... Read more

    Affected Products : comoblog easymoblog
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-1375

    AdMan 1.0.20051221 and earlier allows remote attackers to obtain the full path via (1) a blank campaignId parameter to editCampaign.php and (2) a blank schemeId parameter to viewPricingScheme.php.... Read more

    Affected Products : adman
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 2.1

    LOW
    CVE-2006-1376

    The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).... Read more

    Affected Products : debian_linux
    • Published: Mar. 24, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-1369

    Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances.... Read more

    Affected Products : invision_power_board
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-0323

    Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value ... Read more

    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1368

    Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be all... Read more

    Affected Products : linux_kernel
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293605 Results