Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | |||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2026-06-16 | 5.0 MEDIUM | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | |||||
| CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. | |||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-06-16 | 6.4 MEDIUM | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | |||||
| CVE-2006-2531 | 1 Ipswitch | 1 Whatsup | 2026-06-16 | 7.5 HIGH | N/A |
| Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole". | |||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2026-06-16 | 5.0 MEDIUM | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | |||||
| CVE-2006-2528 | 1 Smartisoft | 1 Phpbazar | 2026-06-16 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. | |||||
| CVE-2006-2527 | 1 Smartisoft | 1 Phpbazar | 2026-06-16 | 7.5 HIGH | N/A |
| Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1. | |||||
| CVE-2006-2526 | 1 Power Place | 1 Php Easy Galerie | 2026-06-16 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. | |||||
| CVE-2006-2525 | 1 Usebb | 1 Usebb | 2026-06-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module. | |||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | |||||
| CVE-2006-2523 | 1 Smartisoft | 1 Phplistpro | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. | |||||
| CVE-2006-2522 | 1 Dayfox Designs | 1 Dayfox Blog | 2026-06-16 | 7.5 HIGH | N/A |
| Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | |||||
| CVE-2006-2520 | 1 Bitberry Software | 1 Bitzipper | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive. | |||||
| CVE-2006-2519 | 1 Phpwcms | 1 Phpwcms | 2026-06-16 | 2.6 LOW | N/A |
| Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition. | |||||
| CVE-2006-2518 | 1 Phpwcms | 1 Phpwcms | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | |||||
| CVE-2006-2517 | 1 Fujitsu | 1 Myweb Portal Office | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-2515 | 1 Hiox India | 1 Guest Book | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | |||||
| CVE-2006-2514 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-06-16 | 7.5 HIGH | N/A |
| Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | |||||
| CVE-2006-2513 | 1 Sun | 1 Java System Directory Server | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | |||||
