Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-4109 1 Drupal 1 Bibliography Module 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4108 1 Drupal 1 Bibliography Module 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-4107 1 Drupal 1 Job Search 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the Job Search module (job.module) 4.6 before revision 1.3.2.1 in Drupal allows remote attackers to execute arbitrary SQL commands via a job or resume search.
CVE-2006-4106 1 Blursoft 1 Blur6ex 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title.
CVE-2006-4105 1 Fill Threads Database 1 Fill Threads Database 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message.
CVE-2006-4104 1 Mojoscripts 1 Mojogallery 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via "password input."
CVE-2006-4103 1 Jason Alexander 1 Phnntp 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in article-raw.php in Jason Alexander phNNTP 1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
CVE-2006-4102 1 Falko Timme And Till Brehm 1 Sqlitewebadmin 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.
CVE-2006-4099 1 Businessobjects 1 Crystal Enterprise 2026-06-16 7.5 HIGH N/A
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
CVE-2006-4098 1 Cisco 1 Secure Access Control Server 2026-06-16 10.0 HIGH N/A
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
CVE-2006-4096 1 Isc 1 Bind 2026-06-16 5.0 MEDIUM N/A
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
CVE-2006-4093 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2026-06-16 4.9 MEDIUM N/A
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
CVE-2006-4092 1 Simpliciti 1 Locked Browser 2026-06-16 3.6 LOW N/A
Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
CVE-2006-4091 1 Archangelmgt 1 Weblog 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
CVE-2006-4090 1 Webligo 1 Bloghoster 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php.
CVE-2006-4089 1 Andy Lo-a-foe 1 Alsaplayer 2026-06-16 5.0 MEDIUM N/A
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
CVE-2006-4088 1 Civicspace 1 Civicspace 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.
CVE-2006-4087 1 Mojoscripts 1 Mojogallery 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4086 1 Ozjournals 1 Ozjournals 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4085 1 Olaf Noehring 1 The Search Engine Project 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Olaf Noehring The Search Engine Project (TSEP) 0.942 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter to pagenavigation.php, a different vector than CVE-2006-4055. NOTE: the provenance of this information is unknown; the details are obtained from third party information.