Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29922 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1722 1 Suche 1 Shopxs 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter.
CVE-2006-1720 1 Arabless 1 Saphplesson 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection.
CVE-2006-1719 1 Microsoft 1 Ie 2026-06-16 5.0 MEDIUM N/A
Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property.
CVE-2006-1718 1 Clever Copy 1 Clever Copy 2026-06-16 5.0 MEDIUM N/A
Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc.
CVE-2006-1717 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username.
CVE-2006-1716 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 5.1 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue.
CVE-2006-1715 1 Tugzip 1 Tugzip 2026-06-16 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file.
CVE-2006-1714 1 Phpmyforum 1 Phpmyforum 2026-06-16 7.5 HIGH N/A
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter.
CVE-2006-1713 1 Phpmyforum 1 Phpmyforum 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2006-1712 1 Gnu 1 Mailman 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.
CVE-2006-1711 1 Plone 1 Plone 2026-06-16 5.0 MEDIUM N/A
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
CVE-2006-1710 1 Design Nation 1 Dnguestbook 2026-06-16 7.6 HIGH N/A
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.
CVE-2006-1709 1 Interaktiv 1 Interaktiv.shop 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters.
CVE-2006-1708 1 Clansys 1 Clansys 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php.
CVE-2006-1707 1 Kansok Communications 1 Shopweezle 2026-06-16 5.0 MEDIUM N/A
index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter.
CVE-2006-1706 1 Kansok Communications 1 Shopweezle 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
CVE-2006-1705 1 Oracle 2 Oracle10g, Oracle9i 2026-06-16 2.1 LOW N/A
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
CVE-2006-1704 1 Hubert Plisson 1 Sire 2026-06-16 5.0 MEDIUM N/A
Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php.
CVE-2006-1703 1 Hubert Plisson 1 Sire 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter.
CVE-2006-1702 1 Spip 1 Spip 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.