Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2673 1 E-board 1 Elite-board 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box.
CVE-2006-2672 1 Interquest Internet Services 1 Realty Pro One 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.
CVE-2006-2671 1 Calendarscripts.com 1 Chatpat 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field.
CVE-2006-2670 1 Calendarscripts.com 1 Chatpat 2026-06-16 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php.
CVE-2006-2668 1 Docebolms 1 Docebolms 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.
CVE-2006-2667 1 Wordpress 1 Wordpress 2026-06-16 7.5 HIGH N/A
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a special comment sequence into files in (1) wp-content/cache/userlogins/ (2) wp-content/cache/users/ which are later included by cache.php, as demonstrated using the displayname argument.
CVE-2006-2666 1 V-webmail 1 V-webmail 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
CVE-2006-2665 1 V-webmail 1 V-webmail 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter.
CVE-2006-2664 1 Ifdate.com 1 Ifdate 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes.
CVE-2006-2662 1 Vmware 1 Server 2026-06-16 4.6 MEDIUM N/A
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
CVE-2006-2660 1 Php 1 Php 2026-06-16 2.1 LOW N/A
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.
CVE-2006-2659 1 Double Precision Incorporated 1 Courier Mta 2026-06-16 7.8 HIGH N/A
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
CVE-2006-2658 2 Mono, Suse 3 Xsp, Suse Linux, Suse Open Enterprise Server 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the xsp component in mod_mono in Mono/C# web server, as used in SUSE Open-Enterprise-Server 1 and SUSE Linux 9.2 through 10.0, allows remote attackers to read arbitrary files via a .. (dot dot) sequence in an HTTP request.
CVE-2006-2655 1 Freebsd 1 Freebsd 2026-06-16 6.4 MEDIUM N/A
The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally disables access restrictions when using the /var/yp/securenets file, which allows remote attackers to bypass intended access restrictions.
CVE-2006-2654 1 Freebsd 1 Freebsd 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.
CVE-2006-2653 1 D-link 1 Dsa-3100 Airspot Gateway 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2006-2652 1 Wikini 1 Wikini 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script.
CVE-2006-2651 1 Vacation Rentals 1 Vacation Rental Script 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in Vacation Rental Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the obj parameter.
CVE-2006-2650 1 Cosmicphp 1 Cosmicshoppingcart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.
CVE-2006-2648 1 Aspbb 1 Aspbb 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.