Total: 29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3378 | 1 Ubuntu | 1 Ubuntu Linux | 2026-06-16 | 7.2 HIGH | N/A |
| passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits. | |||||
| CVE-2006-3377 | 1 Jmb Software | 1 Autorank | 2026-06-16 | 4.0 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP 3.02 and earlier, and AutoRank Pro 5.01 and earlier, allows remote attackers to inject arbitrary web script or HTML via the (1) Keyword parameter in search.php and the (2) Username parameter in main.cgi. | |||||
| CVE-2006-3376 | 1 Wvware | 2 Libwmf, Wv2 | 2026-06-16 | 7.5 HIGH | N/A |
| Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | |||||
| CVE-2006-3375 | 1 Randshop | 1 Randshop | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter. | |||||
| CVE-2006-3374 | 1 Randshop | 1 Randshop | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. | |||||
| CVE-2006-3373 | 1 Hobbit Monitor | 1 Hobbit Monitor | 2026-06-16 | 2.1 LOW | N/A |
| Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. | |||||
| CVE-2006-3372 | 1 Apple | 1 Safari | 2026-06-16 | 5.0 MEDIUM | N/A |
| Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. | |||||
| CVE-2006-3371 | 1 Eupla | 1 Foros | 2026-06-16 | 5.0 MEDIUM | N/A |
| Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3370 | 1 Bb-news | 1 Blueboy | 2026-06-16 | 5.0 MEDIUM | N/A |
| Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3369 | 1 Iduprey | 1 Kamikaze-qscm | 2026-06-16 | 5.0 MEDIUM | N/A |
| Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3368 | 1 Efone | 1 Efone | 2026-06-16 | 5.0 MEDIUM | N/A |
| Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2026-06-16 | 5.0 MEDIUM | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | |||||
| CVE-2006-3366 | 1 V3 Chat | 1 V3 Chat | 2026-06-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...". | |||||
| CVE-2006-3364 | 1 F-art Agency | 1 Blog Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3363 | 1 Xoops | 1 Xoops Glossaire Module | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. | |||||
| CVE-2006-3362 | 2 Geeklog, Toenda Software Development | 2 Geeklog, Toendacms | 2026-06-16 | 5.1 MEDIUM | N/A |
| Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. | |||||
| CVE-2006-3361 | 1 Stud.ip | 1 Stud.ip | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in studip-htdocs/archiv_assi.php. | |||||
| CVE-2006-3359 | 1 Newsphp | 1 Newsphp | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php. | |||||
| CVE-2006-3358 | 1 Newsphp | 1 Newsphp | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim parameters, which are not sanitized before being returned in an error page. NOTE: it is possible that some of these vectors are resultant from an SQL injection issue. | |||||
| CVE-2006-3357 | 1 Microsoft | 1 Internet Explorer | 2026-06-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings. | |||||
