Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2924 | 1 Ingate | 2 Ingate Firewall, Ingate Siparator | 2026-06-16 | 5.0 MEDIUM | N/A |
| Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake. | |||||
| CVE-2006-2922 | 1 Miraks | 1 Miraksgalerie | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie 2.62 allow remote attackers to execute arbitrary PHP code via a URL in the (1) g_pcltar_lib_dir parameter in (a) pcltar.lib.php when register_globals is enabled, and (2) listconfigfile[] parameter in (b) galsecurity.lib.php and (c) galimage.lib.php. | |||||
| CVE-2006-2921 | 1 Cmpro Team | 1 Clan Manager Pro | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) cm_ext_server and (2) sitepath parameters. | |||||
| CVE-2006-2919 | 1 Microsoft | 1 Netmeeting | 2026-06-16 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption. | |||||
| CVE-2006-2917 | 1 Qbik | 1 Wingate | 2026-06-16 | 5.5 MEDIUM | N/A |
| Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands. | |||||
| CVE-2006-2915 | 1 Deluxebb | 1 Deluxebb | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration. | |||||
| CVE-2006-2914 | 1 Deluxebb | 1 Deluxebb | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, (3) and pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the default/ directory. | |||||
| CVE-2006-2913 | 1 Out Of The Trees Web Design | 1 Selectapix | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. | |||||
| CVE-2006-2912 | 1 Out Of The Trees Web Design | 1 Selectapix | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php. | |||||
| CVE-2006-2911 | 1 Hotwebscripts | 1 Cms Mundo | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-2910 | 1 Cowon America | 1 Jetaudio | 2026-06-16 | 5.1 MEDIUM | N/A |
| Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed. | |||||
| CVE-2006-2909 | 1 Picozip | 1 Picozip | 2026-06-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the info tip shell extension (zipinfo.dll) in PicoZip 4.01 allows remote attackers to execute arbitrary code via a long filename in an (1) ACE, (2) RAR, or (3) ZIP archive, which is triggered when the user moves the mouse over the archive. | |||||
| CVE-2006-2908 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 7.5 HIGH | N/A |
| The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. | |||||
| CVE-2006-2906 | 1 Thomas Boutell | 1 Graphics Draw Library | 2026-06-16 | 5.4 MEDIUM | N/A |
| The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop. | |||||
| CVE-2006-2905 | 1 Particle Soft | 1 Particle Links | 2026-06-16 | 5.0 MEDIUM | N/A |
| Partial Links 1.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) page_footer.php and (2) page_header.php, which displays the path in an error message. | |||||
| CVE-2006-2904 | 1 Particle Soft | 1 Particle Links | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2006-2903 | 1 Particle Soft | 1 Particle Links | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in Particle Links 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2006-2902 | 1 Particle Soft | 1 Particle Links | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Particle Links 1.2.2 might allow remote attackers to access arbitrary files via ".." sequences in an HTTP request. NOTE: it is not clear whether this issue is legitimate, as the original researcher seems unsure. | |||||
| CVE-2006-2901 | 1 D-link | 1 Dwl-2100ap | 2026-06-16 | 5.0 MEDIUM | N/A |
| The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords. | |||||
| CVE-2006-2899 | 1 Estsoft | 1 Internetdisk | 2026-06-16 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory. | |||||
