Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2924 1 Ingate 2 Ingate Firewall, Ingate Siparator 2026-06-16 5.0 MEDIUM N/A
Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake.
CVE-2006-2922 1 Miraks 1 Miraksgalerie 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php.
CVE-2006-2921 1 Cmpro Team 1 Clan Manager Pro 2026-06-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters.
CVE-2006-2919 1 Microsoft 1 Netmeeting 2026-06-16 7.8 HIGH N/A
Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption.
CVE-2006-2917 1 Qbik 1 Wingate 2026-06-16 5.5 MEDIUM N/A
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
CVE-2006-2915 1 Deluxebb 1 Deluxebb 2026-06-16 5.1 MEDIUM N/A
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.
CVE-2006-2914 1 Deluxebb 1 Deluxebb 2026-06-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory.
CVE-2006-2913 1 Out Of The Trees Web Design 1 Selectapix 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.
CVE-2006-2912 1 Out Of The Trees Web Design 1 Selectapix 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.
CVE-2006-2911 1 Hotwebscripts 1 Cms Mundo 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-2910 1 Cowon America 1 Jetaudio 2026-06-16 5.1 MEDIUM N/A
Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed.
CVE-2006-2909 1 Picozip 1 Picozip 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive.
CVE-2006-2908 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 7.5 HIGH N/A
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
CVE-2006-2906 1 Thomas Boutell 1 Graphics Draw Library 2026-06-16 5.4 MEDIUM N/A
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
CVE-2006-2905 1 Particle Soft 1 Particle Links 2026-06-16 5.0 MEDIUM N/A
Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message.
CVE-2006-2904 1 Particle Soft 1 Particle Links 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2006-2903 1 Particle Soft 1 Particle Links 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2006-2902 1 Particle Soft 1 Particle Links 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure.
CVE-2006-2901 1 D-link 1 Dwl-2100ap 2026-06-16 5.0 MEDIUM N/A
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
CVE-2006-2899 1 Estsoft 1 Internetdisk 2026-06-16 6.5 MEDIUM N/A
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.