Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29911 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2168 1 Fileprotection Express 1 Fileprotection Express 2026-06-16 7.5 HIGH N/A
FileProtection Express 1.0.1 and earlier allows remote attackers to bypass authentication via a cookie with an Admin value of 1.
CVE-2006-2167 1 Sloughflash 1 Sf-users 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element.
CVE-2006-2166 1 Cisco 2 Unity Express, Unity Express Software 2026-06-16 2.1 LOW N/A
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
CVE-2006-2165 1 Pentasoft Corp. 1 Avactis Shopping Cart 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2164 1 Pentasoft Corp. 1 Avactis Shopping Cart 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
CVE-2006-2163 1 Desert Dog Software 1 Pinnacle Cart 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.
CVE-2006-2162 1 Nagios 1 Nagios 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
CVE-2006-2161 3 Cam Development, Erik Dienske, Roger Aelbrecht 3 Cam Unzip, Abakt, Tzipbuilder 2026-06-16 5.1 MEDIUM N/A
Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name.
CVE-2006-2160 1 Russcom Network 1 Loginphp 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.
CVE-2006-2159 1 Russcom Network 1 Loginphp 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address.
CVE-2006-2158 1 Stadtaus 1 Guestbook Script 2026-06-16 6.4 MEDIUM N/A
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.
CVE-2006-2156 1 X7 Group 1 X7 Chat 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter.
CVE-2006-2155 1 Emc 1 Retrospect 2026-06-16 4.6 MEDIUM N/A
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions.
CVE-2006-2154 1 Emc 1 Retrospect 2026-06-16 7.2 HIGH N/A
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog.
CVE-2006-2153 1 Jbmc Software 1 Directadmin 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter.
CVE-2006-2152 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-2151 1 Phpbb Group 1 Phpbb Toplist 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-2150 1 Phpbb Group 1 Phpbb Toplist 2026-06-16 6.4 MEDIUM N/A
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
CVE-2006-2149 1 Avatic 1 Aardvark Topsites Php 2026-06-16 6.4 MEDIUM N/A
PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIG[path] parameter, as demonstrated by including a GIF that contains PHP code.
CVE-2006-2148 1 Cgiirc 1 Cgiirc 2026-06-16 7.5 HIGH N/A
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string.