Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2006-0882

    Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.... Read more

    Affected Products : noahs_classifieds
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-0813

    Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive.... Read more

    Affected Products : winace
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0878

    Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php.... Read more

    Affected Products : noahs_classifieds
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0879

    SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.... Read more

    Affected Products : noahs_classifieds
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0873

    Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.... Read more

    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0874

    Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (f... Read more

    Affected Products : iuser_ecommerce
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0188

    webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS) issue, but it is different than what is ... Read more

    Affected Products : squirrelmail
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0195

    Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier,... Read more

    Affected Products : squirrelmail
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.1

    MEDIUM
    CVE-2006-0300

    Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.... Read more

    Affected Products : tar
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0377

    CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."... Read more

    Affected Products : squirrelmail
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0867

    Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name e... Read more

    Affected Products : webdrive
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0857

    Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.... Read more

    Affected Products : e107 chatbox_plugin
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0870

    SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.... Read more

    Affected Products : mini-nuke_cms
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 7.5

    HIGH
    CVE-2006-0868

    Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."... Read more

    Affected Products : pear xml_rpc
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0865

    PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.... Read more

    Affected Products : punbb
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0859

    Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter.... Read more

    Affected Products : guestbox
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0863

    InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message.... Read more

    Affected Products : portalse
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0866

    PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.... Read more

    Affected Products : punbb
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 4.3

    MEDIUM
    CVE-2006-0860

    Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular exp... Read more

    Affected Products : guestbox
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025

  • 5.0

    MEDIUM
    CVE-2006-0861

    Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog.... Read more

    Affected Products : guestbox
    • Published: Feb. 23, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294744 Results