Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29918 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1963 1 Pcpin 1 Pcpin Chat 2026-06-16 5.5 MEDIUM N/A
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
CVE-2006-1961 1 Cisco 5 Ciscoworks 2000 Service Management Solution, Ethernet Subscriber Solution Engine, Hosting Solution Engine and 2 more 2026-06-16 7.5 HIGH N/A
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE). NOTE: other issues might be addressed by the Cisco advisory.
CVE-2006-1960 1 Cisco 1 Wireless Lan Solution Engine 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.
CVE-2006-1959 1 Actualscripts 1 Actualanalyzer 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.
CVE-2006-1958 1 Wired Community Software 1 Wwwthreads 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php.
CVE-2006-1956 2 Joomla, Mambo 2 Joomla, Mambo 2026-06-16 5.0 MEDIUM N/A
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.
CVE-2006-1955 1 Nfec.de 1 Rechnungszentrale 2026-06-16 5.0 MEDIUM N/A
PHP remote file inclusion vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter.
CVE-2006-1954 1 Nfec.de 1 Rechnungszentrale 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka NFec) RechnungsZentrale V2 1.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the User field.
CVE-2006-1953 1 Caucho Technology 1 Resin 2026-06-16 7.8 HIGH N/A
Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.
CVE-2006-1952 1 Winagents 1 Tftp Server 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in WinAgents TFTP Server for Windows 3.1 and earlier allows remote attackers to read arbitrary files via "..." (triple dot) sequences in a GET request.
CVE-2006-1951 1 Solarwinds 1 Tftp Server 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and earlier allows remote attackers to download arbitrary files via a crafted GET request including "....//" sequences, which are collapsed into "../" sequences by filtering.
CVE-2006-1950 1 Perlcoders Group 1 Bannerfarm 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters.
CVE-2006-1949 1 Nicplex 1 Plexcart 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-1948 1 Ibm 1 Lotus Notes 2026-06-16 4.0 MEDIUM N/A
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.
CVE-2006-1947 1 Nicplex 1 Plexum 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.
CVE-2006-1946 1 Visale 1 Visale 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.
CVE-2006-1945 1 Awstats 1 Awstats 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.
CVE-2006-1944 1 Sibsoft 1 Communimail 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.
CVE-2006-1943 1 Smarter Scripts 1 Intellilink Pro 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.
CVE-2006-1942 3 K-meleon Project, Mozilla, Netscape 3 K-meleon, Firefox, Navigator 2026-06-16 5.1 MEDIUM N/A
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."