Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29922 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3778 1 Ibm 1 Lotus Notes 2026-06-16 5.0 MEDIUM N/A
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase" portion of an address, which can cause the e-mail to be sent to users that were deleted from the To, CC, and BCC fields, which allows remote attackers to obtain the list of original recipients.
CVE-2006-3772 1 Php-post 1 Php-post 2026-06-16 5.1 MEDIUM N/A
PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login is enabled, allows remote attackers to bypass security restrictions and obtain administrative privileges by modifying the logincookie[user] setting in the login cookie.
CVE-2006-3771 1 Imaginex-resource 1 Imanage Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in component.php in iManage CMS 4.0.12 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) articles.php, (2) contact.php, (3) displaypage.php, (4) faq.php, (5) mainbody.php, (6) news.php, (7) registration.php, (8) whosOnline.php, (9) components/com_calendar.php, (10) components/com_forum.php, (11) components/minibb/index.php, (12) components/minibb/bb_admin.php, (13) components/minibb/bb_plugins.php, (14) modules/mod_calendar.php, (15) modules/mod_browser_prefs.php, (16) modules/mod_counter.php, (17) modules/mod_online.php, (18) modules/mod_stats.php, (19) modules/mod_weather.php, (20) themes/bizz.php, (21) themes/default.php, (22) themes/simple.php, (23) themes/original.php, (24) themes/portal.php, (25) themes/purple.php, and other unspecified files.
CVE-2006-3770 1 Phpfaber 1 Topsites 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.
CVE-2006-3769 1 Top Xl 1 Top Xl 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the (3) id parameter in (b) members/index.php.
CVE-2006-3768 1 Intervations 1 Filecopa 2026-06-16 6.4 MEDIUM N/A
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allow remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
CVE-2006-3767 1 Darrens 5-dollar Script Archive 1 Osdate 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren's $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag with a non-existent source file in txtcomment parameter, which is used when posting a comment.
CVE-2006-3766 1 Darrens 5-dollar Script Archive 1 Osdate 2026-06-16 5.0 MEDIUM N/A
Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10.
CVE-2006-3765 1 Huttenlocher Webdesign 1 Hwdeguest 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.
CVE-2006-3764 1 Till Gerken 1 Phppolls 2026-06-16 5.0 MEDIUM N/A
Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create.
CVE-2006-3763 1 Dieselscripts 1 Diesel Joke Site 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-3762 1 Touch Control 1 Activex Control 2026-06-16 7.5 HIGH N/A
The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function.
CVE-2006-3760 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-3759 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."
CVE-2006-3758 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 7.5 HIGH N/A
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the _SERVER[HTTP_CLIENT_IP] parameter in archive/index.php.
CVE-2006-3757 1 Zen Cart 1 Zen Cart 2026-06-16 5.0 MEDIUM N/A
index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an error message. NOTE: this issue might be resultant from a global overwrite vulnerability.
CVE-2006-3755 1 Flushcms 1 Flushcms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3754 1 Flushcms 1 Flushcms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Include/editor/rich_files/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter.
CVE-2006-3753 1 Professional Home Page Tools 1 Professional Home Page Tools Guestbook 2026-06-16 6.4 MEDIUM N/A
setcookie.php for the administration login in Professional Home Page Tools Guestbook records the hash of the administrator password in a cookie, which allows attackers to conduct brute force password guessing attacks after obtaining the hash.
CVE-2006-3752 1 Professional Home Page Tools 1 Professional Home Page Tools Guestbook 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip, or (5) text parameters.