Total
29912 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2127 | 1 Blog Mod | 1 Blog Mod | 2026-06-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2006-2126 | 1 Avalon Ltd | 1 Maxtrade | 2026-06-16 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters. | |||||
| CVE-2006-2124 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2026-06-16 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php. | |||||
| CVE-2006-2123 | 1 Network Administration Visualized | 1 Network Administration Visualized | 2026-06-16 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2006-2121 | 1 I-rater | 1 I-rater Platinum | 2026-06-16 | 5.0 MEDIUM | N/A |
| PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929. | |||||
| CVE-2006-2120 | 1 Libtiff | 1 Libtiff | 2026-06-16 | 2.1 LOW | N/A |
| The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. | |||||
| CVE-2006-2119 | 1 Artmedic Webdesign | 1 Artmedic Event | 2026-06-16 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. | |||||
| CVE-2006-2118 | 1 Jmk Web Scripts | 1 Jmk Picture Gallery | 2026-06-16 | 7.5 HIGH | N/A |
| JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. | |||||
| CVE-2006-2117 | 1 Extrosoft | 1 Thyme | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. | |||||
| CVE-2006-2116 | 1 Planet Concept | 1 Planetgallery | 2026-06-16 | 7.5 HIGH | N/A |
| planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. | |||||
| CVE-2006-2115 | 1 Sws | 1 Sws Simple Web Server | 2026-06-16 | 7.5 HIGH | N/A |
| Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. | |||||
| CVE-2006-2114 | 1 Sws | 1 Sws Simple Web Server | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. | |||||
| CVE-2006-2110 | 1 Virtual Private Server | 1 Vserver | 2026-06-16 | 2.1 LOW | N/A |
| Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root. | |||||
| CVE-2006-2109 | 1 Jsboard | 1 Jsboard | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php. | |||||
| CVE-2006-2107 | 1 Bl4 | 1 Smtp Server | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands. | |||||
| CVE-2006-2106 | 1 Edgewall Software | 1 Trac | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Edgewall Software Trac 0.9.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors related to a "wiki macro." | |||||
| CVE-2006-2105 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 and 1.1.5 allows remote attackers to read arbitrary files via ".." sequences terminated by a %00 (null) character in the n parameter. | |||||
| CVE-2006-2104 | 1 Kmail | 1 Kmail | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php. | |||||
| CVE-2006-2102 | 1 Poweriso | 1 Poweriso | 2026-06-16 | 7.8 HIGH | N/A |
| Directory traversal vulnerability in PowerISO 2.9 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
| CVE-2006-2101 | 1 Winiso Computing | 1 Winiso | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image. | |||||
