Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3072 1 Symantec 1 Security Information Manager 2026-06-16 4.6 MEDIUM N/A
M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation.
CVE-2006-3071 1 Anton Belev 1 Mp3 Search Archive 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
CVE-2006-3070 1 Zeroboard 1 Zeroboard 2026-06-16 5.0 MEDIUM N/A
write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with mod_mime, allows remote attackers to bypass restrictions for uploading files with executable extensions by uploading a .htaccess file that with an AddType directive that assigns an executable module to files with assumed-safe extensions, as demonstrated by assigning the txt extension to be handled by application/x-httpd-php.
CVE-2006-3069 1 Iglooweb 1 Doublespeak 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in DoubleSpeak 0.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the config[private] parameter in multiple files, as demonstrated by (1) index.php, (2) faq.php, and (3) hardware.php. NOTE: this issue has been disputed by multiple third-party researchers, who state that config[private] is initialized in an include file before being used
CVE-2006-3067 1 Ibm 1 Db2 Universal Database 2026-06-16 5.0 MEDIUM N/A
Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow.
CVE-2006-3066 1 Ibm 1 Db2 Universal Database 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.
CVE-2006-3065 1 Blursoft 1 Blur6ex 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE: This is a similar vulnerability to CVE-2006-1763, but the affected code and versions are different.
CVE-2006-3063 1 Myphp Guestbook 1 Myphp Guestbook 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
CVE-2006-3062 1 Myphp Guestbook 1 Myphp Guestbook 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2006-3060 1 Webexceluk 1 P.a.i.d 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) read parameter in index.php, (2) farea parameter in faq.php, and (3) unspecified input fields on the "My Account" login page.
CVE-2006-3057 1 Gnome 1 Dhcdbd 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
CVE-2006-3056 1 Vbzoom 1 Vbzoom 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
CVE-2006-3055 1 Vbzoom 1 Vbzoom 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php.
CVE-2006-3054 1 Vbzoom 1 Vbzoom 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php.
CVE-2006-3053 1 Phorum 1 Phorum 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor
CVE-2006-3052 1 Cescripts 4 Event Registration 2checkout, Event Registration Corporate, Event Registration Paypal and 1 more 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Event Registration allows remote attackers to inject arbitrary web script or HTML via the (1) event_id parameter to view-event-details.php or (2) select_events parameter to event-registration.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3051 1 Six Offene Systeme Gmbh 1 Sixcms 2026-06-16 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to inject arbitrary script code or HTML via the page parameter.
CVE-2006-3050 1 Six Offene Systeme Gmbh 1 Sixcms 2026-06-16 2.6 LOW N/A
Directory traversal vulnerability in detail.php in SixCMS 6.0, and other versions before 6.0.6patch2, allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the template parameter.
CVE-2006-3049 1 Mole Group Ticket Booking Script 1 Mole Group Ticket Booking Script 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php.
CVE-2006-3046 1 Subtext 1 Subtext 2026-06-16 6.5 MEDIUM N/A
Unspecified vulnerability in the admin login feature in Subtext 1.5, in a multiblog setup, allows remote administrators of one blog to login to another blog.