Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3243 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
CVE-2006-3242 1 Mutt 1 Mutt 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt 1.4.2.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces received from the IMAP server.
CVE-2006-3241 1 Xennobb 1 Xennobb 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter.
CVE-2006-3239 1 Vbzoom 1 Vbzoom 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
CVE-2006-3238 1 Vbzoom 1 Vbzoom 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to lng.php.
CVE-2006-3237 1 Senokian Solutions 1 Enterprise Groupware Systems 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in Enterprise Groupware System (EGS) 1.2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
CVE-2006-3236 1 Thinkfactory 1 Thinkwms 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.
CVE-2006-3235 1 Looknet 1 Fineshop 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.
CVE-2006-3234 1 Looknet 1 Fineshop 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters.
CVE-2006-3233 1 Open Webmail 1 Open Webmail 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
CVE-2006-3230 1 Azureus Tracker 1 Azureus Tracker 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus Tracker 2.4.0.2 and earlier (Java BitTorrent Client Tracker) allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-3229 1 Open Webmail 1 Open Webmail 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
CVE-2006-3228 1 Nullsoft 1 Winamp 2026-06-16 9.3 HIGH N/A
Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file.
CVE-2006-3227 1 Microsoft 1 Internet Explorer 2026-06-16 2.6 LOW N/A
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.
CVE-2006-3226 1 Cisco 1 Secure Access Control Server 2026-06-16 7.5 HIGH N/A
Cisco Secure Access Control Server (ACS) 4.x for Windows uses the client's IP address and the server's port number to grant access to an HTTP server port for an administration session, which allows remote attackers to bypass authentication via various methods, aka "ACS Weak Session Management Vulnerability."
CVE-2006-3225 1 Sun 2 Java System Application Server, One Application Server 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2006-3224 1 Apple 1 Safari 2026-06-16 5.4 MEDIUM N/A
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.
CVE-2006-3223 1 Broadcom 3 Etrust Antivirus, Etrust Pestpatrol, Integrated Threat Management 2026-06-16 7.5 HIGH N/A
Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.
CVE-2006-3222 1 Fortinet 1 Fortios 2026-06-16 5.0 MEDIUM N/A
The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 and 3.0 MR2 allows remote attackers to bypass anti-virus scanning via the Enhanced Passive (EPSV) FTP mode.
CVE-2006-3221 1 Softnews Media Group 1 Datalife Engine 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo subaction.