Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2222 1 Norz 1 Zawhttpd 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
CVE-2006-2221 2 Bitrock, Process-one 2 Install Builder, Ejabberd 2026-06-16 2.1 LOW N/A
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
CVE-2006-2217 1 Invision Power Services 1 Invision Power Board 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2216 1 Devsyn 1 Open Bulletin Board 2026-06-16 5.0 MEDIUM N/A
Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php.
CVE-2006-2214 1 4images 1 Image Gallery Management System 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2.
CVE-2006-2213 1 Hostapd 1 Hostapd 2026-06-16 5.0 MEDIUM N/A
Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
CVE-2006-2212 1 Karjasoft 1 Sami Ftp Server 2026-06-16 6.4 MEDIUM N/A
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.
CVE-2006-2211 1 321soft 1 Php-gallery 2026-06-16 5.0 MEDIUM N/A
Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter.
CVE-2006-2210 1 321soft 1 Php-gallery 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: this issue might be resultant from the directory traversal vulnerability.
CVE-2006-2209 1 Php Arena 1 Pacheckbook 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2208 1 Planetluc 1 Mynews 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php in MyNews 1.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) hash and (2) page parameters.
CVE-2006-2206 1 Ultravnc 1 Ultravnc 2026-06-16 10.0 HIGH N/A
The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.
CVE-2006-2205 1 Netbsd 1 Netbsd 2026-06-16 2.1 LOW N/A
The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device.
CVE-2006-2204 1 Invision Power Services 1 Invision Power Board 2026-06-16 5.5 MEDIUM N/A
SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.
CVE-2006-2203 1 Kerio 1 Kerio Mailserver 2026-06-16 6.4 MEDIUM N/A
Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter."
CVE-2006-2202 1 Invision Power Services 1 Invision Gallery 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter.
CVE-2006-2196 1 Jochen Friedrich 1 Pinball 2026-06-16 4.6 MEDIUM N/A
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.
CVE-2006-2195 1 Horde 1 Horde 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2006-2194 1 Point-to-point Protocol Project 1 Point-to-point Protocol 2026-06-16 7.2 HIGH N/A
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
CVE-2006-2193 1 Libtiff 1 Libtiff 2026-06-16 7.5 HIGH N/A
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 characters, which triggers the overflow when a character is sign extended to an integer that produces more digits than expected in an sprintf call.