Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-3195 | 1 Singapore | 1 Singapore | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the template parameter. | |||||
| CVE-2006-3194 | 1 Singapore | 1 Singapore | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter. | |||||
| CVE-2006-3192 | 1 Php Web Scripts | 1 Ad Manager Pro | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows remote attackers to execute arbitrary PHP code via a URL in the (1) ipath parameter in common.php and (2) unspecified vectors in ad.php. | |||||
| CVE-2006-3191 | 1 Tpvgames | 1 Mpcs | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter. | |||||
| CVE-2006-3190 | 1 Hotplug Cms | 1 Hotplug Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | |||||
| CVE-2006-3189 | 1 Hotplug Cms | 1 Hotplug Cms | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in administration/tblcontent/login1.php in HotPlug CMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-3188 | 1 Sharky E-shop | 1 Sharky E-shop | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3187 | 1 Sharky E-shop | 1 Sharky E-shop | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameters to (a) search_prod_list.asp, and the (3) maingroup parameter to (b) meny2.asp. NOTE: it is possible that this is resultant from SQL injection or a forced SQL error. | |||||
| CVE-2006-3186 | 1 Cms Faethon | 1 Cms Faethon | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon 1.3.2 allow remote attackers to inject arbitrary web script or HTML via the mainpath parameter to (1) data/footer.php and (2) admin/header.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-3185 | 1 Cms Faethon | 1 Cms Faethon | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in data/header.php in CMS Faethon 1.3.2 allows remote attackers to execute arbitrary PHP code via a URL in the mainpath parameter. | |||||
| CVE-2006-3184 | 1 Asp Stats Generator | 1 Asp Stats Generator | 2026-06-16 | 4.0 MEDIUM | N/A |
| Direct static code injection vulnerability in ASP Stats Generator before 2.1.2 allows remote authenticated attackers to execute arbitrary ASP code via the strAsgSknPageBgColour parameter to settings_skin.asp, which is stored in inc_skin_file.asp. | |||||
| CVE-2006-3183 | 1 Mobescripts | 1 Mobile Space Community | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in MobeScripts Mobile Space Community 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) browse parameter, which is not filtered in the resulting error message, and multiple unspecified input fields, including those involved when (2) updating a profile, (3) posting comments or entries in a blog, (4) uploading files, (5) picture captions, and (6) sending a private message (PM). | |||||
| CVE-2006-3182 | 1 Mobescripts | 1 Mobile Space Community | 2026-06-16 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the uid parameter in the rss page. | |||||
| CVE-2006-3180 | 1 Swsoft | 1 Confixx | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | |||||
| CVE-2006-3179 | 1 Swsoft | 1 Confixx | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in Confixx Pro 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the account parameter. | |||||
| CVE-2006-3178 | 1 Jed Wing | 1 Chm Lib | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename. | |||||
| CVE-2006-3177 | 1 Bible Portal Project | 1 Bible Portal Project | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The Bible Portal Project 2.12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the destination parameter. | |||||
| CVE-2006-3176 | 1 Xaran | 1 Xaran Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-3174 | 1 Squirrelmail | 1 Squirrelmail | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. | |||||
| CVE-2006-3173 | 1 Content\*builder | 1 Content\*builder | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter to (c) modules/archive/overview.inc.php, and the (3) actualModuleDir parameter to (d) modules/forum/showThread.inc.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
