Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2978 1 Mafia Moblog 1 Mafia Moblog 2026-06-16 5.0 MEDIUM N/A
Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the installation path in an error message via a direct request to (1) big.php and (2) upgrade.php.
CVE-2006-2976 1 Coppermine 1 Coppermine Photo Gallery 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.
CVE-2006-2975 1 Pbl Guestbook 1 Pbl Guestbook 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.
CVE-2006-2974 1 Emailarchitect 1 Email Server 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.
CVE-2006-2972 1 Arantius 1 Vice Stats 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2006-2971 1 Overkill 1 Overkill 2026-06-16 5.0 MEDIUM N/A
Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function.
CVE-2006-2970 1 L0j1k 1 Tinymuw 2026-06-16 5.0 MEDIUM N/A
videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message.
CVE-2006-2969 1 L0j1k 1 Tinymuw 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations.
CVE-2006-2968 1 Php Labware 1 Labwiki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter).
CVE-2006-2967 1 Syworks 1 Safenet 2026-06-16 2.1 LOW N/A
Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file.
CVE-2006-2966 1 Particle Soft 1 Particle Wiki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that contains "/**/" comment sequences, which bypasses the XSS protection scheme.
CVE-2006-2965 1 Particle Soft 1 Particle Whois 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."
CVE-2006-2964 1 Xtreme Scripts 1 Download Manager 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.
CVE-2006-2963 1 It-direkt 1 Cabacos Web Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter.
CVE-2006-2962 1 Oxfam Australia 1 Emergencies Personnel Information System 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.
CVE-2006-2961 1 Aclogic 1 Cesarftp 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2960 1 Joomla 1 Joomla 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVE-2006-2959 1 Snitz Communications 1 Snitz Forums 2000 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie.
CVE-2006-2958 1 Filzip 1 Filzip 2026-06-16 2.6 LOW N/A
Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2957 1 Skoom 1 I.list 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.