Total
29922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1722 | 1 Suche | 1 Shopxs | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter. | |||||
| CVE-2006-1720 | 1 Arabless | 1 Saphplesson | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection. | |||||
| CVE-2006-1719 | 1 Microsoft | 1 Ie | 2026-06-16 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) via any scrollbar Cascading Style Sheets (CSS) property. | |||||
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2026-06-16 | 5.0 MEDIUM | N/A |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. | |||||
| CVE-2006-1717 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. | |||||
| CVE-2006-1716 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. | |||||
| CVE-2006-1715 | 1 Tugzip | 1 Tugzip | 2026-06-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file. | |||||
| CVE-2006-1714 | 1 Phpmyforum | 1 Phpmyforum | 2026-06-16 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter. | |||||
| CVE-2006-1713 | 1 Phpmyforum | 1 Phpmyforum | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2006-1712 | 1 Gnu | 1 Mailman | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. | |||||
| CVE-2006-1711 | 1 Plone | 1 Plone | 2026-06-16 | 5.0 MEDIUM | N/A |
| Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. | |||||
| CVE-2006-1710 | 1 Design Nation | 1 Dnguestbook | 2026-06-16 | 7.6 HIGH | N/A |
| SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. | |||||
| CVE-2006-1709 | 1 Interaktiv | 1 Interaktiv.shop | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. | |||||
| CVE-2006-1708 | 1 Clansys | 1 Clansys | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | |||||
| CVE-2006-1707 | 1 Kansok Communications | 1 Shopweezle | 2026-06-16 | 5.0 MEDIUM | N/A |
| index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. | |||||
| CVE-2006-1706 | 1 Kansok Communications | 1 Shopweezle | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | |||||
| CVE-2006-1705 | 1 Oracle | 2 Oracle10g, Oracle9i | 2026-06-16 | 2.1 LOW | N/A |
| Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. | |||||
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2026-06-16 | 5.0 MEDIUM | N/A |
| Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | |||||
| CVE-2006-1703 | 1 Hubert Plisson | 1 Sire | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. | |||||
| CVE-2006-1702 | 1 Spip | 1 Spip | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. | |||||
