Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2367 1 Clansys 1 Clansys 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function.
CVE-2006-2366 1 Openobex 1 Openobex 2026-06-16 2.6 LOW N/A
ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.
CVE-2006-2365 1 Vizra 1 Vizra 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-2364 1 Macromedia 1 Coldfusion 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
CVE-2006-2361 2 Mxbb, Php Arena 2 Mxbb Portal, Pafiledb 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-2360 1 Phpbb Group 1 Phpbb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2359 1 Phpbb Group 1 Phpbb 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2358 1 Web-labs 1 Web-labs Cms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2357 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
CVE-2006-2355 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2354 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2352 1 Ipswitch 1 Whatsup Professional 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2349 1 Oasyssoft 1 E-business Designer 2026-06-16 6.8 MEDIUM N/A
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files.
CVE-2006-2348 1 Oasyssoft 1 E-business Designer 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2347 1 Oasyssoft 1 E-business Designer 2026-06-16 5.0 MEDIUM N/A
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2346 1 Inter7 1 Vpopmail \(vchkpw\) 2026-06-16 7.5 HIGH N/A
vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.
CVE-2006-2345 1 Roostercode Ajax Softwares 1 Alipager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote attackers to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2344 1 Ajax Softwares 1 Alipager 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter.
CVE-2006-2343 1 Adventnet 1 Manageengine Opmanager 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2342 1 Ibm 1 Websphere Application Server 2026-06-16 7.5 HIGH N/A
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.