Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2834 | 1 Gnopaste | 1 Gnopaste | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | |||||
| CVE-2006-2833 | 1 Drupal | 1 Drupal | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the taxonomy module in Drupal 4.6.8 and 4.7.2 allows remote attackers to inject arbitrary web script or HTML via inputs that are not properly validated when the page title is output, possibly involving the $names variable. | |||||
| CVE-2006-2832 | 1 Drupal | 1 Drupal | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the upload module (upload.module) in Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2 allows remote attackers to inject arbitrary web script or HTML via the uploaded filename. | |||||
| CVE-2006-2831 | 1 Drupal | 1 Drupal | 2026-06-16 | 7.5 HIGH | N/A |
| Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743. | |||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface. | |||||
| CVE-2006-2829 | 1 Tibco | 3 Hawk, Hawk Monitoring Agent, Runtime Agent | 2026-06-16 | 6.8 MEDIUM | N/A |
| Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma. | |||||
| CVE-2006-2828 | 1 Php-nuke | 1 Ev | 2026-06-16 | 6.4 MEDIUM | N/A |
| Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value. | |||||
| CVE-2006-2827 | 1 Qualiteam | 1 X-cart | 2026-06-16 | 6.4 MEDIUM | 9.8 CRITICAL |
| SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims | |||||
| CVE-2006-2826 | 1 Phplib Team | 1 Phplib | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie. | |||||
| CVE-2006-2825 | 1 Cpanel | 1 Cpanel | 2026-06-16 | 5.1 MEDIUM | N/A |
| cPanel does not automatically synchronize the PHP open_basedir configuration directive between the main server and virtual hosts that share physical directories, which might allow a local user to bypass open_basedir restrictions and access other virtual hosts via a PHP script that uses a main server URL (such as ~username) that is blocked by the user's own open_basedir directive, but not the main server's open_basedir directive. | |||||
| CVE-2006-2824 | 1 Logicalware | 1 Mailmanager | 2026-06-16 | 7.5 HIGH | N/A |
| Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 followed by a single-quote character) from the data stream to the server, which allows remote attackers to modify data and gain administrative access when PostgreSQL is used, aka "bug #1494281 - Postgres encoding security hole." NOTE: while this issue involves PostgreSQL, it is specific to MailManager's interface to PostgreSQL and is therefore a different vulnerability than CVE-2006-2313 and CVE-2006-2314. | |||||
| CVE-2006-2823 | 1 A.shopkart | 1 A.shopkart | 2026-06-16 | 5.0 MEDIUM | N/A |
| Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb. | |||||
| CVE-2006-2822 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2006-2821 | 1 Deltascripts | 1 Pro Publish | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php. | |||||
| CVE-2006-2820 | 1 Hotwebscripts | 1 Weblog Oggi | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog Oggi 1.0 allows remote attackers to inject arbitrary web script or HTML via a comment, possibly involving a javascript URI in the SRC attribute of an IMG element. | |||||
| CVE-2006-2819 | 1 Barnraiser | 1 Igloo | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter. | |||||
| CVE-2006-2818 | 1 Cameron Mckay | 1 Informium | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common-menu.php in Cameron McKay Informium 0.12.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONF[local_path] parameter. | |||||
| CVE-2006-2817 | 1 Tekno.portal | 1 Tekno.portal | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bolum.php in tekno.Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2814 | 1 Ishopcart | 1 Ishopcart | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. | |||||
| CVE-2006-2813 | 1 Ishopcart | 1 Ishopcart | 2026-06-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string. | |||||
