Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2006-2956 1 Skoom 1 I.list 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php.
CVE-2006-2955 1 Kaphotoservice 1 Kaphotoservice 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
CVE-2006-2954 1 Primoris Software 1 Officeflow 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.
CVE-2006-2953 1 Primoris Software 1 Officeflow 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow 2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the sqlType parameter.
CVE-2006-2952 1 Net Portal Dynamic System 1 Net Portal Dynamic System 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php.
CVE-2006-2949 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter.
CVE-2006-2948 1 Alan Ward 1 A-cart 2026-06-16 5.0 MEDIUM N/A
A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information.
CVE-2006-2947 1 Dmx Forum 1 Dmx Forum 2026-06-16 5.0 MEDIUM N/A
Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter.
CVE-2006-2946 1 Dmx Forum 1 Dmx Forum 2026-06-16 5.0 MEDIUM N/A
Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
CVE-2006-2944 1 Cgi-rescue 1 Form2mail 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
CVE-2006-2943 1 Cgi-rescue 1 Webform 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
CVE-2006-2942 1 Twiki 1 Twiki 2026-06-16 5.1 MEDIUM N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
CVE-2006-2933 2 Kde, Redhat 3 Kde, Enterprise Linux, Enterprise Linux Desktop 2026-06-16 4.6 MEDIUM N/A
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
CVE-2006-2931 1 Hotwebscripts 1 Cms Mundo 2026-06-16 5.1 MEDIUM N/A
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.
CVE-2006-2930 1 Sun 2 Grid Engine, N1 Grid Engine 2026-06-16 4.6 MEDIUM N/A
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.
CVE-2006-2929 1 Openemr 1 Openemr 2026-06-16 6.8 MEDIUM N/A
PHP remote file inclusion vulnerability in contrib/forms/evaluation/C_FormEvaluation.class.php in OpenEMR 2.8.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[fileroot] parameter.
CVE-2006-2928 1 Cms-bandits 1 Cms-bandits 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php.
CVE-2006-2927 1 Xfairguy 1 Codeavalanche Freeforum 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2926 1 Qbik 1 Wingate 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2006-2925 1 Ingate 2 Ingate Firewall, Siparator 2026-06-16 4.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.