Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2006-0366

    Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.

    Affected Products : phpclanwebsite
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-0376

    The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc m...

    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-0359

    Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash)...

    Affected Products : eyebeam_sip_softphone
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-0355

    Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command.

    Affected Products : homeftp
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-0374

    Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-syst...

    Affected Products : p202s
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-0371

    Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter.

    Affected Products : rcblog
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2006-0369

    MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that...

    Affected Products : mysql
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 6.5

    MEDIUM
    CVE-2006-0367

    Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via ...

    Affected Products : call_manager
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2006-0361

    Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.

    Affected Products : bit_5_blog
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-0357

    Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.

    Affected Products : cerberus_ftp_server
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 4.3

    MEDIUM
    CVE-2006-0365

    Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.

    Affected Products : xmb_forum
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-0370

    Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.

    Affected Products : rcblog
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-0372

    Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.

    Affected Products : blogphp
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-0375

    Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time i...

    Affected Products : p202s
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 7.8

    HIGH
    CVE-2006-0368

    Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) ...

    Affected Products : call_manager
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.0

    MEDIUM
    CVE-2006-0356

    Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command.

    Affected Products : home_ftp_server
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 6.4

    MEDIUM
    CVE-2006-0360

    MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.

    Affected Products : hp-180w_voip_wifi_phone
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 5.5

    MEDIUM
    CVE-2006-0354

    Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of s...

    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 7.5

    HIGH
    CVE-2006-0358

    Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.

    Affected Products : powerportal
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
  • 2.1

    LOW
    CVE-2006-0363

    The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program tha...

    Affected Products : msn_messenger
    • Published: Jan. 22, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293352 Results