Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2697 | 1 Easy-content Forums | 1 Easy-content Forums | 2026-06-16 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) startletter parameter in userview.asp and the (2) forumname parameter in topics.asp. | |||||
| CVE-2006-2696 | 1 Easy-content Forums | 1 Easy-content Forums | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) startletter parameter in userview.asp and the (2) catid parameter in topics.asp. | |||||
| CVE-2006-2695 | 1 Dgnews | 1 Dgnews | 2026-06-16 | 5.1 MEDIUM | N/A |
| admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers to execute arbitrary code by uploading scripts with arbitrary extensions to the img directory. | |||||
| CVE-2006-2694 | 1 Scriptscenter | 1 Ezupload Pro | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro 2.10 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) form.php, (2) customize.php, and (3) initialize.php. | |||||
| CVE-2006-2693 | 1 Nivisec | 1 Hacks List | 2026-06-16 | 7.1 HIGH | N/A |
| Directory traversal vulnerability in admin/admin_hacks_list.php in Nivisec Hacks List 1.20 and earlier for phpBB, when register_globals is enabled, allows remote attackers to read arbitrary files via a ".." in the phpEx parameter. | |||||
| CVE-2006-2692 | 1 Amule | 1 Amule | 2026-06-16 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to read arbitrary image, HTML, or PHP files via unknown vectors, probably related to directory traversal. | |||||
| CVE-2006-2691 | 1 Amule | 1 Amule | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified "information leakage" vulnerabilities in aMuleWeb for AMule before 2.1.2 allow remote attackers to access arbitrary images, including dynamically generated images, via unknown vectors. | |||||
| CVE-2006-2690 | 1 Eva-web | 1 Eva-web | 2026-06-16 | 7.8 HIGH | N/A |
| An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters. | |||||
| CVE-2006-2689 | 1 Eva-web | 1 Eva-web | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) debut_image parameter in (a) article-album.php3, (2) date parameter in (b) rubrique.php3, and the (3) perso and (4) aide parameters to (c) an unknown script, probably index.php. | |||||
| CVE-2006-2688 | 1 Achievo | 1 Achievo | 2026-06-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | |||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2026-06-16 | 4.9 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | |||||
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | |||||
| CVE-2006-2683 | 1 Open-medium | 1 Open-medium Cms | 2026-06-16 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter. | |||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2026-06-16 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | |||||
| CVE-2006-2680 | 1 Php4script | 1 Az Photo Album Script Pro | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter. | |||||
| CVE-2006-2678 | 1 Pre Projects | 1 Pre News Manager | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. | |||||
| CVE-2006-2677 | 1 Sitescape | 1 Sitescape Forum | 2026-06-16 | 5.0 MEDIUM | N/A |
| SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. | |||||
| CVE-2006-2676 | 1 Sitescape | 1 Sitescape Forum | 2026-06-16 | 5.0 MEDIUM | N/A |
| Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames. | |||||
| CVE-2006-2675 | 1 Ubbcentral | 1 Ubb.threads | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. | |||||
| CVE-2006-2674 | 1 Tamber Forum | 1 Tamber Forum | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3) Email address or (4) Password to (c) admin/index.asp, (5) frm_cat_id parameter to (d) browse_forum_cat.asp, or (6) Message Subject or (7) Message Text field to (e) post_message.asp. | |||||
