Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29925 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3932 1 Gonafish 1 Linkscaffe 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3931 1 Tuomas Airaksinen 1 Midirecord 2026-06-16 4.6 MEDIUM N/A
Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid.
CVE-2006-3930 1 Mamboxchange 1 A6mambohelpdesk 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
CVE-2006-3929 1 Zyxel 1 Prestige 660h-61 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.
CVE-2006-3928 1 Mikael Software 1 Wmnews 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in WMNews 0.2a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_datapath parameter.
CVE-2006-3927 1 Php Pro Bid 1 Php Pro Bid 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.
CVE-2006-3926 1 Php Pro Bid 1 Php Pro Bid 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
CVE-2006-3925 1 Interactual Technologies 1 Interactual Player 2026-06-16 6.4 MEDIUM N/A
Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3923 1 Fire-mouse 1 Fire-mouse Toplist 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.
CVE-2006-3922 1 Portailphp 1 Portailphp 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in mod_membre/inscription.php in PortailPHP 1.7 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter.
CVE-2006-3921 1 Sun 2 Java System Application Server, Java System Web Server 2026-06-16 4.0 MEDIUM N/A
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
CVE-2006-3920 1 Sun 2 Solaris, Sunos 2026-06-16 5.0 MEDIUM N/A
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
CVE-2006-3919 1 Sd Studio 1 Sd Studio Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters.
CVE-2006-3917 1 R. Corson 1 Php Forge 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter.
CVE-2006-3916 1 Solucija 1 Snews 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
CVE-2006-3915 1 Microsoft 2 Internet Explorer, Windows Xp 2026-06-16 5.0 MEDIUM N/A
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.
CVE-2006-3914 1 Blackboard 1 Blackboard Academic Suite 2026-06-16 6.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
CVE-2006-3913 1 Freeciv 1 Freeciv 2026-06-16 7.5 HIGH N/A
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
CVE-2006-3911 1 Php Live 1 Php Live 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php.
CVE-2006-3910 1 Microsoft 1 Ie 2026-06-16 5.0 MEDIUM N/A
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.