Total
29916 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3537 | 1 Randshop | 1 Randshop | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop before 1.2 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter, a different vector than CVE-2006-3375. | |||||
| CVE-2006-3536 | 1 Ej3 | 1 Topo | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports. | |||||
| CVE-2006-3535 | 1 Nullsoft | 1 Shoutcast Dsp | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534. | |||||
| CVE-2006-3534 | 1 Nullsoft | 1 Shoutcast Server | 2026-06-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". | |||||
| CVE-2006-3533 | 1 Pivot | 1 Pivot | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) fg, (2) line1, (3) line2, (4) bg, (5) c1, (6) c2, (7) c3, and (8) c4 parameters in (a) includes/blogroll.php; (9) name and (10) js_name parameters in (b) includes/editor/edit_menu.php; and, even if register_globals is not enabled, the (11) h and (12) w parameters in (c) includes/photo.php. | |||||
| CVE-2006-3532 | 1 Pivot | 1 Pivot | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP file inclusion vulnerability in includes/edit_new.php in Pivot 1.30 RC2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a FTP URL or full file path in the Paths[extensions_path] parameter. | |||||
| CVE-2006-3531 | 1 Pivot | 1 Pivot | 2026-06-16 | 7.5 HIGH | N/A |
| includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates the authentication credentials from parameters, which allows remote attackers to obtain privileges and upload arbitrary files via modified (1) pass and (2) session parameters, and (3) pass and (4) userlevel indices of the (a) Pivot_Vars[] or (b) Users[] array parameters. | |||||
| CVE-2006-3529 | 1 Juniper | 1 Junos | 2026-06-16 | 5.0 MEDIUM | N/A |
| Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. | |||||
| CVE-2006-3527 | 1 Bosdev | 1 Bosclassifieds Classified Ads | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BosClassifieds Classified Ads allow remote attackers to execute arbitrary PHP code via a URL in the insPath parameter to (1) index.php, (2) recent.php, (3) account.php, (4) classified.php, or (5) search.php. | |||||
| CVE-2006-3526 | 1 Sport-slo | 1 Sport-slo Advanced Guestbook | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) name and (2) form parameters. | |||||
| CVE-2006-3525 | 1 Phpcredo | 1 Phcdownload | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3524 | 1 Sipfoundry | 1 Sipxtapi | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows remote attackers to execute arbitrary code via a long CSeq field value in an INVITE message. | |||||
| CVE-2006-3523 | 1 Clearswift | 1 Mimesweeper For Web | 2026-06-16 | 5.0 MEDIUM | N/A |
| Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to cause a denial of service (crash) via an encrypted archived .RAR file, which triggers a scan error and causes the Web Policy Engine service to terminate. | |||||
| CVE-2006-3522 | 1 Clearswift | 1 Mimesweeper For Web | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in an error message when trying to access a blocked web site. | |||||
| CVE-2006-3521 | 1 Simian Systems Inc | 1 Siteforge Collaborative Development Platform | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index/siteforge-bugs-action/proj.siteforge in SiteForge Collaborative Development Platform 1.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) _status, (2) _extra1, (3) _extra2, or (4) _extra3 parameters. | |||||
| CVE-2006-3520 | 1 Sabdrimer Cms | 1 Sabdrimer Cms | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter. | |||||
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. | |||||
| CVE-2006-3518 | 1 Webvizyon.net | 1 Webvizyon Portal | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-3517 | 1 Rwscripts.com | 1 Rw Download | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-3516 | 1 Freehost | 1 Freehost | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php. | |||||
