Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2006-0571

    Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.... Read more

    Affected Products : phpstatus
    • Published: Feb. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0570

    Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in th... Read more

    Affected Products : phpstatus
    • Published: Feb. 07, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0569

    Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the provenance of this information... Read more

    Affected Products : papoo
    • Published: Feb. 07, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0567

    Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.... Read more

    Affected Products : files_xaraya_module
    • Published: Feb. 07, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0564

    Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents f... Read more

    Affected Products : html_help_workshop html_help
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0513

    Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.... Read more

    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0566

    The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of elements.... Read more

    Affected Products : communigate_pro_core_server
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0565

    PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter.... Read more

    Affected Products : loudblog
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0562

    Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter.... Read more

    Affected Products : pluggedout_blog
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0563

    SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action.... Read more

    Affected Products : pluggedout_blog
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0437

    Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a... Read more

    Affected Products : phpbb phpbb
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0438

    Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode (IMG) are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated... Read more

    Affected Products : phpbb phpbb
    • Published: Feb. 06, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0552

    Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.... Read more

    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0545

    SQL injection vulnerability in showflat.php in Groupee (formerly known as Infopop) UBB.threads 6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Number parameter.... Read more

    Affected Products : ubb.threads
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0540

    Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : vanilla_guestbook
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0548

    SQL injection vulnerability in the Oracle Text component of Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the Oracle a... Read more

    Affected Products : database_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0543

    Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial of service (client crash) via an AIM message containing the Mac encoded Rich Text Format (RTF) escape sequences (1) \'d1, (2) \'d2, (3) \'d3, (4) \'d4, and (5) \'d5. NOTE: the provenan... Read more

    Affected Products : trillian
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0549

    SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in Oracle Database 10g, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: due to the lack of relevant details from the... Read more

    Affected Products : database_server
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0539

    The convert-fcrontab program in fcron 3.0.0 might allow local users to gain privileges via a long command-line argument, which causes Linux glibc to report heap memory corruption, possibly because a strcpy in the strdup2 function can "overwrite some data.... Read more

    Affected Products : fcron
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0550

    Buffer overflow in an unspecified Oracle Client utility might allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cann... Read more

    Affected Products : oracle_client
    • Published: Feb. 04, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293361 Results