Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2855 1 Xuebook 1 Xuebook 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in xueBook 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter.
CVE-2006-2854 1 Ibwd 1 Ibwd Guestbook 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-2006-2853 1 Abarcar 1 Abarcar Realty Portal 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in content.php in abarcar Realty Portal 5.1.5 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-2851 1 Dotproject 1 Dotproject 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer.
CVE-2006-2850 1 Php Labware 1 Labwiki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter.
CVE-2006-2849 1 Andrew Godwin 1 Bytehoard 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter.
CVE-2006-2848 1 Full Revolution 1 Aspweblinks 2026-06-16 5.0 MEDIUM N/A
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
CVE-2006-2847 1 Full Revolution 1 Aspweblinks 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
CVE-2006-2846 1 Visiongate 1 Visiongate Portal System 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate Portal System allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2845 1 Redaxo 1 Redaxo 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.
CVE-2006-2844 1 Redaxo 1 Redaxo 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to (1) simple_user/pages/index.inc.php and (2) stats/pages/index.inc.php.
CVE-2006-2843 1 Redaxo 1 Redaxo 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the (1) REX[INCLUDE_PATH] parameter in (a) addons/import_export/pages/index.inc.php and (b) pages/community.inc.php.
CVE-2006-2842 1 Squirrelmail 1 Squirrelmail 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE. However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable
CVE-2006-2841 1 Associated 1 Associated Cms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ACID) CMS 1.1.3 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) menu.php, (2) profile.php, (3) users.php, (4) cache_mngt.php, and (5) gallery_functions.php.
CVE-2006-2840 1 Pmwiki 1 Pmwiki 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) "url links" in PmWiki 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2006-2839 1 Webwork 1 Webwork 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in PG Problem Editor module (PGProblemEditor.pm) in WeBWorK Online Homework Delivery System 2.2.0 and earlier allows remote attackers to read and write files outside of the templates directory.
CVE-2006-2838 1 F-secure 2 F-secure Anti-virus, Internet Gatekeeper 2026-06-16 7.6 HIGH N/A
Buffer overflow in the web console in F-Secure Anti-Virus for Microsoft Exchange 6.40, and Internet Gatekeeper 6.40 through 6.42 and 6.50 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors. NOTE: By default, the connections are only allowed from the local host.
CVE-2006-2837 1 Techno Dreams 1 Techno Dreams Guest Book 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book allows remote attackers to inject arbitrary web script or HTML via certain comment fields in the "Sign Our GuestBook" page, probably the x_Comments parameter to guestbookadd.asp.
CVE-2006-2836 1 Pineapple Technologies 1 Lore 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in comment.php in Pineapple Technologies Lore 1.5.6 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
CVE-2006-2835 1 Arabless 1 Saphplesson 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.