Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2999 | 1 Okscripts | 1 Quicklinks | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-2998 | 1 Free Qboard | 1 Free Qboard | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter. | |||||
| CVE-2006-2997 | 1 Zms Publishing | 1 Zms | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. | |||||
| CVE-2006-2996 | 1 Lovecompass | 1 Aepartner | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter. | |||||
| CVE-2006-2995 | 1 Webprojectdb | 1 Webprojectdb | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php. | |||||
| CVE-2006-2993 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp. | |||||
| CVE-2006-2992 | 1 My Photo Scrapbook | 1 My Photo Scrapbook | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. | |||||
| CVE-2006-2991 | 1 Ringlink | 1 Ringlink | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter in (1) next.cgi, (2) stats.cgi, or (3) list.cgi. | |||||
| CVE-2006-2990 | 1 Vanillasoft | 1 Vanillasoft Helpdesk | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-2989 | 1 Iisworks | 1 Listpics | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. | |||||
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | |||||
| CVE-2006-2987 | 1 Dominios Europa | 1 Picrate | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and via the (4) nick, (5) email, (6) city, (7) messen, and (8) message form field parameters to (b) add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-2986 | 1 Baby Katie Media | 2 Very Simple Car Lister, Very Simple Realty Lister | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php. | |||||
| CVE-2006-2985 | 1 Integramod | 1 Integramod | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter. | |||||
| CVE-2006-2984 | 1 Integramod | 1 Integramod | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant from SQL injection. | |||||
| CVE-2006-2983 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2982 | 1 Enterprise Payroll Systems | 1 Enterprise Payroll Systems | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in (1) footer.php and (2) admin/footer.php. | |||||
| CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | |||||
| CVE-2006-2980 | 1 Viart Ltd | 1 Viart Shop Free | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter. | |||||
| CVE-2006-2979 | 1 Viart | 1 Shop | 2026-06-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter in forum.php, which is not properly handled in block_forum_topics.php, and (2) item_id parameter in reviews.php, which is not properly handled in block_reviews.php. | |||||
