Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 2.6

    LOW
    CVE-2006-0722

    settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) ne... Read more

    Affected Products : magic_downloads
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 6.8

    MEDIUM
    CVE-2006-0725

    PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter. NOTE: this is a different executable and ... Read more

    Affected Products : plume_cms
    • Published: Feb. 16, 2006
    • Modified: Apr. 03, 2025

  • 4.6

    MEDIUM
    CVE-2006-0455

    gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature veri... Read more

    Affected Products : privacy_guard
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0719

    SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter.... Read more

    Affected Products : php_classifieds
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0718

    The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Te... Read more

    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 2.6

    LOW
    CVE-2006-0704

    iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error messa... Read more

    Affected Products : ie_integrator
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0703

    Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.... Read more

    Affected Products : imagevue
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0707

    PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.... Read more

    Affected Products : pyblosxom
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0716

    SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.... Read more

    Affected Products : snews
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0694

    Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver".... Read more

    Affected Products : ansilove
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.9

    MEDIUM
    CVE-2006-0666

    Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX.... Read more

    Affected Products : aix
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0711

    The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.... Read more

    Affected Products : neomail
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0715

    Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.... Read more

    Affected Products : snews
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0690

    Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : time_tracking_software
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0702

    admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, altho... Read more

    Affected Products : imagevue
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0710

    Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP.... Read more

    Affected Products : m-vault_server
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0713

    Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.... Read more

    Affected Products : linpha
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0717

    IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite.... Read more

    Affected Products : tivoli_directory_server
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0697

    Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.... Read more

    Affected Products : zen_cart
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0698

    Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.... Read more

    Affected Products : zen_cart
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293542 Results