Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2812 | 1 Dominios Europa | 1 Picrate | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the (1) name (aka nick), (2) email, and (3) comment boxes; and via the (4) id parameter. | |||||
| CVE-2006-2811 | 1 Cantico | 1 Ovidentia | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964. | |||||
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | |||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | |||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | |||||
| CVE-2006-2807 | 1 Aspwebsoft | 1 Speedy Asp Discussion Forum | 2026-06-16 | 10.0 HIGH | N/A |
| ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp. | |||||
| CVE-2006-2806 | 1 Apache | 1 James | 2026-06-16 | 7.8 HIGH | N/A |
| The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | |||||
| CVE-2006-2805 | 1 Jelsoft | 1 Vbulletin | 2026-06-16 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. | |||||
| CVE-2006-2804 | 1 Goss | 1 Icm | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | |||||
| CVE-2006-2802 | 1 Xine | 2 Gxine, Xine-lib | 2026-06-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6. | |||||
| CVE-2006-2801 | 1 Unak | 1 Unak Cms | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters. | |||||
| CVE-2006-2799 | 1 Toenda Software Development | 1 Toendacms | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | |||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php. | |||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | |||||
| CVE-2006-2795 | 1 Xiti | 1 Xiti Tracking Script | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-2794 | 1 Aspsitem | 1 Aspsitem | 2026-06-16 | 7.8 HIGH | N/A |
| Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter. | |||||
| CVE-2006-2793 | 1 Aspsitem | 1 Aspsitem | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | |||||
| CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2006-2791 | 1 Net Art Media | 1 Iboutique.mall | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter. | |||||
| CVE-2006-2790 | 1 Sun | 1 Storage Automated Diagnostic Environment | 2026-06-16 | 7.2 HIGH | N/A |
| A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. | |||||
