Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2026-06-16 | 7.5 HIGH | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | |||||
| CVE-2006-3286 | 1 Cisco | 1 Wireless Control System | 2026-06-16 | 7.5 HIGH | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(63) stores a hard-coded username and password in plaintext within unspecified files, which allows remote authenticated users to access the database (aka bug CSCsd15951). | |||||
| CVE-2006-3285 | 1 Cisco | 1 Wireless Control System | 2026-06-16 | 7.5 HIGH | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | |||||
| CVE-2006-3284 | 1 Datetopia | 1 Dating Agent Pro | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in (1) webmaster/index.php and (2) search.php. | |||||
| CVE-2006-3283 | 1 Datetopia | 1 Dating Agent Pro | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | |||||
| CVE-2006-3282 | 1 Datetopia | 1 Dating Agent Pro | 2026-06-16 | 5.0 MEDIUM | N/A |
| requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | |||||
| CVE-2006-3280 | 1 Microsoft | 1 Internet Explorer | 2026-06-16 | 7.5 HIGH | N/A |
| Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability." | |||||
| CVE-2006-3279 | 1 Aewebworks | 1 Aedating | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Sex parameter in index.php, (2) ProfileType parameter in join_form.php, and (3) Email parameter in forgot.php. | |||||
| CVE-2006-3278 | 1 Positive Software | 1 H-sphere | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) next_template, (2) start, (3) curr_menu_id, and (4) arid parameters in psoft/servlet/resadmin/psoft.hsphere.CP when using the mailman/massmail.html template_name. | |||||
| CVE-2006-3276 | 1 Realnetworks | 1 Helix Dna Server | 2026-06-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and 11.0 allows remote attackers to execute arbitrary code via (1) a long User-Agent HTTP header in the RTSP service and (2) unspecified vectors involving the "parsing of HTTP URL schemes". | |||||
| CVE-2006-3275 | 1 Yabb | 1 Yabb | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action. | |||||
| CVE-2006-3274 | 1 Webmin | 1 Webmin | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | |||||
| CVE-2006-3273 | 1 Astrodog Press | 1 Some Chess | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 rc1 allows remote attackers to inject arbitrary web script or HTML via the user parameter ("New Name" field). | |||||
| CVE-2006-3272 | 1 Astrodog Press | 1 Some Chess | 2026-06-16 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in menu.php in Some Chess 1.5 rc2 allows remote attackers to conduct actions as another user, such as changing usernames and passwords, via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3271 | 1 Softbizscripts | 1 Dating Script | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php. | |||||
| CVE-2006-3270 | 1 Thorcms | 1 Thorcms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-3269 | 1 Thorcms | 1 Thorcms | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in includes/functions_cms.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2006-3268 | 1 Novell | 1 Groupwise | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office. | |||||
| CVE-2006-3267 | 1 Infinite Core Technologies | 1 Ict | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2006-3266 | 1 Magnet | 1 Bee-hive Lite | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite 1.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) header parameter to (a) conad/include/rootGui.inc.php and (b) include/rootGui.inc.php; (2) mysqlCall parameter to (c) conad/changeEmail.inc.php, (d) conad/changeUserDetails.inc.php, (e) conad/checkPasswd.inc.php, (f) conad/login.inc.php and (g) conad/logout.inc.php; (3) mysqlcall parameter to (h) include/listall.inc.php; (4) prefix parameter to (i) show/index.php; and (5) config parameter to (j) conad/include/mysqlCall.inc.php. | |||||
