Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2558 1 Iplogger 1 Iplogger 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed.
CVE-2006-2557 1 Florian Amrhein 1 Newsportal 2026-06-16 6.4 MEDIUM N/A
PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
CVE-2006-2556 1 Florian Amrhein 1 Newsportal 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-2555 1 Genecys 1 Genecys 2026-06-16 5.0 MEDIUM N/A
The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference.
CVE-2006-2554 1 Genecys 1 Genecys 2026-06-16 6.4 MEDIUM N/A
Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments.
CVE-2006-2553 1 Jemscripts 1 Downloadcontrol 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. This issue appears to be independent from a different issue that involves the same vector.
CVE-2006-2552 1 Jemscripts 1 Downloadcontrol 2026-06-16 5.0 MEDIUM N/A
Jemscripts DownloadControl 1.0 allows remote attackers to obtain sensitive information via an invalid dcid parameter to dc.php, which leaks the pathname in an error message. NOTE: this was originally claimed to be SQL injection, but it is probably resultant from another issue in functions.php.
CVE-2006-2551 1 Hp 1 Hp-ux 2026-06-16 2.1 LOW N/A
Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local users to cause an unspecified denial of service via unknown vectors.
CVE-2006-2550 1 Perlpodder 1 Perlpodder 2026-06-16 5.1 MEDIUM N/A
perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548.
CVE-2006-2549 1 Pdf Tools Ag 1 Pdf Form Filling And Flattening Tool 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.
CVE-2006-2547 1 Sap 1 Sapdba 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
CVE-2006-2546 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
CVE-2006-2544 1 Xtreme Scripts 1 Xtreme Topsites 2026-06-16 5.1 MEDIUM N/A
Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-2543 1 Xtreme Scripts 1 Xtreme Topsites 2026-06-16 5.1 MEDIUM N/A
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.
CVE-2006-2542 1 Ti Kan 1 Xmcd 2026-06-16 2.1 LOW N/A
xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).
CVE-2006-2541 1 John Andersson 1 Zixforum 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.
CVE-2006-2540 1 Dieselscripts 1 Diesel Job Site 2026-06-16 5.0 MEDIUM N/A
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
CVE-2006-2539 1 Sybase 1 Easerver 2026-06-16 3.5 LOW N/A
Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component.
CVE-2006-2538 2 Ie Tab, Mozilla 2 Ie Tab, Firefox 2026-06-16 2.6 LOW N/A
IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability.
CVE-2006-2537 3 Horizontal Shooter Bor, Openbor, Senile Team 3 Horizontal Shooter Bor, Openbor, Beats Of Rage 2026-06-16 7.5 HIGH N/A
Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.