Total: 29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2897 | 1 Funkboard | 1 Funkboard | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. | |||||
| CVE-2006-2896 | 1 Funkboard | 1 Funkboard | 2026-06-16 | 5.0 MEDIUM | N/A |
| profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action. | |||||
| CVE-2006-2895 | 1 Mediawiki | 1 Mediawiki | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. | |||||
| CVE-2006-2893 | 1 Gantty | 1 Gantty | 2026-06-16 | 5.0 MEDIUM | N/A |
| index.php in GANTTy 1.0.3 allows remote attackers to obtain the full path of the web server via an invalid lang parameter in an authenticate action. | |||||
| CVE-2006-2892 | 1 Gantty | 1 Gantty | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 allows remote attackers to inject arbitrary HTML and web script via the message parameter in a login action. | |||||
| CVE-2006-2891 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter. | |||||
| CVE-2006-2890 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 5.1 MEDIUM | N/A |
| Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php. | |||||
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | |||||
| CVE-2006-2888 | 1 Wikiwig | 1 Wikiwig | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the WK[wkPath] parameter. | |||||
| CVE-2006-2887 | 1 Aspburst | 1 Mynewsletter | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp. | |||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2026-06-16 | 4.3 MEDIUM | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | |||||
| CVE-2006-2885 | 1 Knowledgetree | 1 Knowledgetree | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php. | |||||
| CVE-2006-2884 | 1 Kke Info Media | 1 Kmita Faq | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2006-2883 | 1 Kke Info Media | 1 Kmita Faq | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2006-2882 | 1 Aspscriptz | 1 Aspscriptz Guest Book | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submit.asp in ASPScriptz Guest Book 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GBOOK_UNAME, (2) GBOOK_EMAIL, (3) GBOOK_CITY, (4) GBOOK_COU, (5) GBOOK_WWW, and (6) GBOOK_MESS form fields. | |||||
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | |||||
| CVE-2006-2880 | 1 Pyblosxom | 1 Pyblosxom | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields. | |||||
| CVE-2006-2879 | 1 Alex | 1 News-engine | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | |||||
| CVE-2006-2878 | 1 Andreas Gohr | 1 Dokuwiki | 2026-06-16 | 7.5 HIGH | N/A |
| The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier. | |||||
| CVE-2006-2877 | 1 Sangwan Kim | 1 Bookmark4u | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations. | |||||
