Total
29921 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1843 | 1 Cynical Games | 1 Shoutbook | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) LOCATION and (2) URL parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1842 | 1 Cynical Games | 1 Shoutbook | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters. | |||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | |||||
| CVE-2006-1839 | 1 Php Album | 1 Php Album | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | |||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2026-06-16 | 7.5 HIGH | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | |||||
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2006-1836 | 1 Symantec | 6 Liveupdate, Norton Antivirus, Norton Internet Security and 3 more | 2026-06-16 | 6.8 MEDIUM | N/A |
| Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. | |||||
| CVE-2006-1835 | 1 Vincent Hor | 2 Calendarix, Calendarix Advanced | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | |||||
| CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2026-06-16 | 2.6 LOW | N/A |
| Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | |||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2026-06-16 | 5.0 MEDIUM | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | |||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | |||||
| CVE-2006-1830 | 1 Sun | 1 Java Studio Enterprise | 2026-06-16 | 3.7 LOW | N/A |
| Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2006-1829 | 1 Sybase | 1 Easerver | 2026-06-16 | 4.0 MEDIUM | N/A |
| EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3) stored custom connection profiles. | |||||
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2026-06-16 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | |||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2026-06-16 | 6.4 MEDIUM | N/A |
| Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | |||||
| CVE-2006-1825 | 1 Phplinks | 1 Phplinks | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpLinks 2.1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter. | |||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2026-06-16 | 1.2 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | |||||
| CVE-2006-1823 | 1 Farsinews | 1 Farsinews | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message. | |||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2026-06-16 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | |||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | |||||
