Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2757 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows remote attackers to inject arbitrary web script or HTML via the (1) start parameter in (a) index.php; (2) forumID parameter in index.php, (b) newtopic.php, and (c) reply.php; and (3) ID parameter to (d) edit.php. | |||||
| CVE-2006-2756 | 1 Eitsop | 1 My Web Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| Eitsop My Web Server 1.0 allows remote attackers to cause a denial of service (application crash) via a long GET request. NOTE: CVE analysis suggests that this is a different product, and therefore a different vulnerability, than CVE-2002-1897. | |||||
| CVE-2006-2755 | 1 Ubbcentral | 1 Ubb.threads | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in UBBThreads 5.x and earlier allows remote attackers to inject arbitrary web script or HTML via the debug parameter, as demonstrated by stealing MD5 hashes of passwords. | |||||
| CVE-2006-2754 | 1 Openldap | 1 Openldap | 2026-06-16 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname. | |||||
| CVE-2006-2753 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | |||||
| CVE-2006-2752 | 1 Suse | 1 Suse Linux | 2026-06-16 | 6.4 MEDIUM | N/A |
| The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password. | |||||
| CVE-2006-2751 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php. | |||||
| CVE-2006-2750 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. | |||||
| CVE-2006-2749 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-06-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. | |||||
| CVE-2006-2748 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-06-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php. | |||||
| CVE-2006-2747 | 1 Fredi Bach | 1 Phpmydesktop Arcade | 2026-06-16 | 5.1 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo. | |||||
| CVE-2006-2746 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues. | |||||
| CVE-2006-2745 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in F@cile Interactive Web 0.8.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) pathfile parameter in (a) p-editpage.php and (b) p-editbox.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. | |||||
| CVE-2006-2744 | 1 Facile Interactive Web | 1 Facile Interactive Web | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter. | |||||
| CVE-2006-2743 | 1 Drupal | 1 Drupal | 2026-06-16 | 5.1 MEDIUM | N/A |
| Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory. | |||||
| CVE-2006-2742 | 1 Drupal | 1 Drupal | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 allows remote attackers to execute arbitrary SQL commands via the (1) count and (2) from variables to (a) database.mysql.inc, (b) database.pgsql.inc, and (c) database.mysqli.inc. | |||||
| CVE-2006-2741 | 1 Epic Designs | 1 Tinybb | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allow remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors. | |||||
| CVE-2006-2740 | 1 Epic Designs | 1 Tinybb | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) q parameter in (a) forgot.php, and the (2) username and (3) password parameters in (b) login.php, and other unspecified vectors. | |||||
| CVE-2006-2739 | 1 Epic Designs | 1 Tinybb | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in footers.php in Epicdesigns tinyBB 0.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the tinybb_footers parameter. | |||||
| CVE-2006-2738 | 1 Open-xchange | 1 Open-xchange | 2026-06-16 | 7.5 HIGH | N/A |
| The open source version of Open-Xchange 0.8.2 and earlier uses a static default username and password with a valid login shell in the initfile for the ldap-server, which allows remote attackers to access any server where the default has not been changed. | |||||
