Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2999 1 Okscripts 1 Quicklinks 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-2998 1 Free Qboard 1 Free Qboard 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.
CVE-2006-2997 1 Zms Publishing 1 Zms 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
CVE-2006-2996 1 Lovecompass 1 Aepartner 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter.
CVE-2006-2995 1 Webprojectdb 1 Webprojectdb 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php.
CVE-2006-2993 1 My Photo Scrapbook 1 My Photo Scrapbook 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp.
CVE-2006-2992 1 My Photo Scrapbook 1 My Photo Scrapbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter.
CVE-2006-2991 1 Ringlink 1 Ringlink 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi.
CVE-2006-2990 1 Vanillasoft 1 Vanillasoft Helpdesk 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2006-2989 1 Iisworks 1 Listpics 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter.
CVE-2006-2988 1 Chemical Dictionary 1 Chemical Dictionary 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action.
CVE-2006-2987 1 Dominios Europa 1 Picrate 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2986 1 Baby Katie Media 2 Very Simple Car Lister, Very Simple Realty Lister 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.
CVE-2006-2985 1 Integramod 1 Integramod 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter.
CVE-2006-2984 1 Integramod 1 Integramod 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection.
CVE-2006-2983 1 Enterprise Payroll Systems 1 Enterprise Payroll Systems 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2982 1 Enterprise Payroll Systems 1 Enterprise Payroll Systems 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php.
CVE-2006-2981 1 Arantius 1 Vice Stats 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972.
CVE-2006-2980 1 Viart Ltd 1 Viart Shop Free 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter.
CVE-2006-2979 1 Viart 1 Shop 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php.