Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2647 1 Ibm 1 Aix 2026-06-16 7.2 HIGH N/A
Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.
CVE-2006-2646 1 Alt-n 1 Mdaemon 2026-06-16 7.5 HIGH N/A
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
CVE-2006-2644 1 Awstats 1 Awstats 2026-06-16 4.0 MEDIUM N/A
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive.
CVE-2006-2643 1 Circle R 1 Monster Top List 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Monster Top List (MTL) 1.4 allows remote attackers to inject arbitrary web script or HTML via the user_error_message parameter.
CVE-2006-2642 1 Php-residence 1 Php-residence 2026-06-16 4.3 MEDIUM N/A
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in Marco M. F. De Santis Php-residence 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
CVE-2006-2641 1 John Frank 1 Asset Manager 2026-06-16 5.8 MEDIUM N/A
** UNVERIFIABLE ** NOTE: this issue does not contain any verifiable or actionable details. Cross-site scripting (XSS) vulnerability in John Frank Asset Manager (AssetMan) 2.4a and earlier allows remote attackers to inject arbitrary web script or HTML via "any of its input." NOTE: the original disclosure is based on vague researcher claims without vendor acknowledgement; therefore this identifier cannot be linked with any future identifier that identifies more specific vectors. Perhaps this should not be included in CVE.
CVE-2006-2640 1 Omegasoft 1 Interneserviceslosungen 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter.
CVE-2006-2639 1 Phpsimplechoose 1 Phpsimplechoose 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.
CVE-2006-2638 1 Qjstudios 1 Qjforum 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
CVE-2006-2637 1 Tuttophp 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.
CVE-2006-2634 1 Neocrome 1 Seditio 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field.
CVE-2006-2633 1 Andrew Godwin 1 Bytehoard 2026-06-16 4.0 MEDIUM N/A
Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users' directories by specifying the absolute path of the directory in the infolder parameter and simultaneously specifying the filename in the filepath parameter.
CVE-2006-2632 1 Andrew Godwin 1 Bytehoard 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
CVE-2006-2631 1 Phpfox 1 Phpfox 2026-06-16 4.0 MEDIUM N/A
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
CVE-2006-2630 1 Symantec 2 Client Security, Norton Antivirus 2026-06-16 10.0 HIGH N/A
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2006-2629 1 Linux 1 Linux Kernel 2026-06-16 4.0 MEDIUM N/A
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing the /proc entry of a task that is exiting, which causes memory corruption that leads to a failure in the prune_dcache function or a BUG_ON error in include/linux/list.h.
CVE-2006-2617 1 Alstrasoft 1 Webhost Directory 2026-06-16 5.0 MEDIUM N/A
(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2616 1 Alstrasoft 1 Webhost Directory 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.
CVE-2006-2615 1 Russcom Network 1 Russcom.ping 2026-06-16 7.5 HIGH N/A
ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter.
CVE-2006-2614 1 Sun 1 N1 System Manager 2026-06-16 4.6 MEDIUM N/A
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords.