Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-0794

    help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.... Read more

    Affected Products : v-webmail
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0791

    PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use.... Read more

    Affected Products : hostadmin
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0799

    Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an I... Read more

    Affected Products : internet_explorer
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.8

    HIGH
    CVE-2006-0797

    Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual l... Read more

    Affected Products : n70
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0796

    Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information i... Read more

    Affected Products : clever_copy
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0795

    Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables.... Read more

    Affected Products : quirex
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0782

    Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly inv... Read more

    Affected Products : perlblog
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0788

    Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command.... Read more

    Affected Products : fs-3830n
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0780

    Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters.... Read more

    Affected Products : perlblog
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-0786

    Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, ... Read more

    Affected Products : phpkit
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0789

    Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.... Read more

    Affected Products : fs-3830n
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0781

    Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter.... Read more

    Affected Products : perlblog
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.0

    MEDIUM
    CVE-2006-0787

    wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false info... Read more

    Affected Products : wimpy_mp3
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 6.4

    MEDIUM
    CVE-2006-0785

    Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (sl... Read more

    Affected Products : phpkit
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0784

    D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments.... Read more

    Affected Products : dwl-g700ap
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0783

    Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment).... Read more

    Affected Products : siteframe_beaumont
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0772

    SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box funct... Read more

    Affected Products : business_logic
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0777

    Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters.... Read more

    Affected Products : guestex
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0774

    SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.... Read more

    Affected Products : db_esession
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0779

    Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.... Read more

    Affected Products : xmb
    • Published: Feb. 19, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293507 Results