Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2269 1 Mywebland 1 Mybloggie 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag.
CVE-2006-2267 1 Kerio 1 Winroute Firewall 2026-06-16 5.0 MEDIUM N/A
Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors in the "email protocol inspectors," possibly (1) SMTP and (2) POP3.
CVE-2006-2266 1 Chirpy 1 Chirpy 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2006-2265 1 Ocean12 Technologies 1 Calendar Manager Pro 2026-06-16 2.6 LOW N/A
Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2264 1 Ocean12 Technologies 1 Calendar Manager Pro 2026-06-16 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2263 1 Virtual Programming 1 Vp-asp 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2006-2262 1 Singapore 1 Singapore 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2006-2261 1 Acal 1 Acal 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-2260 1 Drupal 1 Drupal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-2258 1 Maxxcode 1 Maxxschedule 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to inject arbitrary web script or HTML via the Error parameter.
CVE-2006-2257 1 Faktorystudios 1 Easyevent 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter.
CVE-2006-2256 1 Eqdkp 1 Eqdkp 2026-06-16 6.4 MEDIUM N/A
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
CVE-2006-2255 1 Creative Software 1 Community Portal 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
CVE-2006-2254 1 Intervations 1 Filecopa 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
CVE-2006-2253 1 Otterware 1 Statit 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter.
CVE-2006-2252 1 Openfaq 1 Openfaq 2026-06-16 6.4 MEDIUM N/A
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-2251 1 Invision Power Services 1 Invision Community Blog 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
CVE-2006-2250 1 Cutephp 1 Cutenews 2026-06-16 6.4 MEDIUM N/A
CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.
CVE-2006-2249 1 Cutephp 1 Cutenews 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
CVE-2006-2248 1 Northern Solutions 1 Xeneo Web Server 2026-06-16 5.0 MEDIUM N/A
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension.