Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2247 1 Webcalendar 1 Webcalendar 2026-06-16 5.0 MEDIUM N/A
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2006-2246 1 Uapplication 1 Ublog 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry.
CVE-2006-2244 1 Web4future 1 News Portal 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php.
CVE-2006-2243 1 Web4future 1 News Portal 2026-06-16 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2242 1 Acftp 1 Acftp 2026-06-16 5.0 MEDIUM N/A
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
CVE-2006-2241 1 Ftrainsoft 1 Fast Click 2026-06-16 6.4 MEDIUM N/A
PHP remote file inclusion vulnerability in show.php in Fast Click SQL Lite 1.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: This is a different vulnerability than CVE-2006-2175.
CVE-2006-2240 1 Fujitsu 4 Netshelter Fw, Netshelter Fw-l, Netshelter Fw-m and 1 more 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2006-2237 1 Awstats 1 Awstats 2026-06-16 5.1 MEDIUM N/A
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
CVE-2006-2236 1 Id Software 4 Quake 3 Arena, Quake 3 Engine, Return To Castle Wolfenstein and 1 more 2026-06-16 7.6 HIGH N/A
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
CVE-2006-2235 1 Codemunkyx 1 Simple Poll 2026-06-16 7.6 HIGH N/A
CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application.
CVE-2006-2234 1 Tyrocms 1 Tyrocms 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag.
CVE-2006-2233 1 Banktown 1 Btcxctl20com Activex Control 2026-06-16 7.5 HIGH N/A
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.
CVE-2006-2232 1 Scriptsez 1 Cute Guestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook.
CVE-2006-2231 1 Big Webmaster 1 Big Webmaster Guestbook Script 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
CVE-2006-2230 1 Xine 1 Xine 2026-06-16 5.0 MEDIUM N/A
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.
CVE-2006-2229 1 Openvpn 2 Openvpn, Openvpn Access Server 2026-06-16 4.0 MEDIUM N/A
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
CVE-2006-2228 1 W-agora 1 W-agora 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
CVE-2006-2227 1 Punbb 1 Punbb 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
CVE-2006-2226 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
CVE-2006-2225 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2026-06-16 7.5 HIGH N/A
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.