Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2293 1 Expinion.net 1 Multicalendars 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2292 1 Inhouse Associates 1 Ia-calendar 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2291 1 Inhouse Associates 1 Ia-calendar 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2290 1 Www.goel.ch 1 2005-comments-script 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter.
CVE-2006-2289 1 Avahi 1 Avahi 2026-06-16 2.1 LOW N/A
Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.
CVE-2006-2288 1 Avahi 1 Avahi 2026-06-16 3.6 LOW N/A
Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.
CVE-2006-2287 1 Vision Source 1 Vision Source Cms 2026-06-16 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile.
CVE-2006-2285 1 Dokeos 1 Open Source Learning And Knowledge Management Tool 2026-06-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
CVE-2006-2284 2 Claroline, Dokeos 2 Claroline, Dokeos 2026-06-16 6.8 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) clarolineRepositorySys parameter in ldap.inc.php and the (2) claro_CasLibPath parameter in casProcess.inc.php.
CVE-2006-2283 1 Spiffyjr 1 Phpraid 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3) auth.php and (4) auth_SMF when the SMF portal is enabled.
CVE-2006-2282 1 X7 Group 1 X7 Chat 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php.
CVE-2006-2280 1 Openengine 1 Openengine 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2006-2279 1 Arabless 1 Saphplesson 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
CVE-2006-2278 1 Arabless 1 Saphplesson 2026-06-16 5.0 MEDIUM N/A
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
CVE-2006-2277 1 Apple 1 Mac Os X 2026-06-16 5.0 MEDIUM N/A
Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
CVE-2006-2274 1 Lksctp 1 Stream Control Transmission Protocol 2026-06-16 5.0 MEDIUM N/A
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (infinite recursion and crash) via a packet that contains two or more DATA fragments, which causes an skb pointer to refer back to itself when the full message is reassembled, leading to infinite recursion in the sctp_skb_pull function.
CVE-2006-2273 1 Verisign 1 I-nav 2026-06-16 9.3 HIGH N/A
The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.
CVE-2006-2272 1 Lksctp 1 Stream Control Transmission Protocol 2026-06-16 7.8 HIGH N/A
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
CVE-2006-2271 1 Lksctp 1 Lksctp 2026-06-16 7.8 HIGH N/A
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
CVE-2006-2270 1 Jetbox 1 Jetbox Cms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.