Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2168 | 1 Fileprotection Express | 1 Fileprotection Express | 2026-06-16 | 7.5 HIGH | N/A |
| FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1. | |||||
| CVE-2006-2167 | 1 Sloughflash | 1 Sf-users | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. | |||||
| CVE-2006-2166 | 1 Cisco | 2 Unity Express, Unity Express Software | 2026-06-16 | 2.1 LOW | N/A |
| Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password. | |||||
| CVE-2006-2165 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2026-06-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection. | |||||
| CVE-2006-2164 | 1 Pentasoft Corp. | 1 Avactis Shopping Cart | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | |||||
| CVE-2006-2163 | 1 Desert Dog Software | 1 Pinnacle Cart | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter. | |||||
| CVE-2006-2162 | 1 Nagios | 1 Nagios | 2026-06-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. | |||||
| CVE-2006-2161 | 3 Cam Development, Erik Dienske, Roger Aelbrecht | 3 Cam Unzip, Abakt, Tzipbuilder | 2026-06-16 | 5.1 MEDIUM | N/A |
| Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name. | |||||
| CVE-2006-2160 | 1 Russcom Network | 1 Loginphp | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. | |||||
| CVE-2006-2159 | 1 Russcom Network | 1 Loginphp | 2026-06-16 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. | |||||
| CVE-2006-2158 | 1 Stadtaus | 1 Guestbook Script | 2026-06-16 | 6.4 MEDIUM | N/A |
| Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter. | |||||
| CVE-2006-2156 | 1 X7 Group | 1 X7 Chat | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. | |||||
| CVE-2006-2155 | 1 Emc | 1 Retrospect | 2026-06-16 | 4.6 MEDIUM | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. | |||||
| CVE-2006-2154 | 1 Emc | 1 Retrospect | 2026-06-16 | 7.2 HIGH | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | |||||
| CVE-2006-2153 | 1 Jbmc Software | 1 Directadmin | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. | |||||
| CVE-2006-2152 | 1 Phpbb Group | 1 Phpbb Advanced Guestbook | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | |||||
| CVE-2006-2151 | 1 Phpbb Group | 1 Phpbb Toplist | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. | |||||
| CVE-2006-2150 | 1 Phpbb Group | 1 Phpbb Toplist | 2026-06-16 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter. | |||||
| CVE-2006-2149 | 1 Avatic | 1 Aardvark Topsites Php | 2026-06-16 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code. | |||||
| CVE-2006-2148 | 1 Cgiirc | 1 Cgiirc | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string. | |||||
