Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2673 | 1 E-board | 1 Elite-board | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. | |||||
| CVE-2006-2672 | 1 Interquest Internet Services | 1 Realty Pro One | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection. | |||||
| CVE-2006-2671 | 1 Calendarscripts.com | 1 Chatpat | 2026-06-16 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. | |||||
| CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | |||||
| CVE-2006-2668 | 1 Docebolms | 1 Docebolms | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. | |||||
| CVE-2006-2667 | 1 Wordpress | 1 Wordpress | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument. | |||||
| CVE-2006-2666 | 1 V-webmail | 1 V-webmail | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | |||||
| CVE-2006-2665 | 1 V-webmail | 1 V-webmail | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. | |||||
| CVE-2006-2664 | 1 Ifdate.com | 1 Ifdate | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes. | |||||
| CVE-2006-2662 | 1 Vmware | 1 Server | 2026-06-16 | 4.6 MEDIUM | N/A |
| VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges. | |||||
| CVE-2006-2660 | 1 Php | 1 Php | 2026-06-16 | 2.1 LOW | N/A |
| Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename. | |||||
| CVE-2006-2659 | 1 Double Precision Incorporated | 1 Courier Mta | 2026-06-16 | 7.8 HIGH | N/A |
| libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. | |||||
| CVE-2006-2658 | 2 Mono, Suse | 3 Xsp, Suse Linux, Suse Open Enterprise Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request. | |||||
| CVE-2006-2655 | 1 Freebsd | 1 Freebsd | 2026-06-16 | 6.4 MEDIUM | N/A |
| The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions. | |||||
| CVE-2006-2654 | 1 Freebsd | 1 Freebsd | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier. | |||||
| CVE-2006-2653 | 1 D-link | 1 Dsa-3100 Airspot Gateway | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter. | |||||
| CVE-2006-2652 | 1 Wikini | 1 Wikini | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script. | |||||
| CVE-2006-2651 | 1 Vacation Rentals | 1 Vacation Rental Script | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter. | |||||
| CVE-2006-2650 | 1 Cosmicphp | 1 Cosmicshoppingcart | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. | |||||
| CVE-2006-2648 | 1 Aspbb | 1 Aspbb | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. | |||||
