Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29922 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1703 1 Hubert Plisson 1 Sire 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter.
CVE-2006-1702 1 Spip 1 Spip 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
CVE-2006-1701 1 Shadowed Portal 1 Shadowed Portal 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.
CVE-2006-1700 1 Aweb 1 Scripts Seller 2026-06-16 7.5 HIGH N/A
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.
CVE-2006-1699 1 Aweb 1 Banner Generator 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner Generator 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the banner parameter in view mode.
CVE-2006-1698 1 Matt Wright 1 Matt Wright Guestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis.
CVE-2006-1697 1 Matt Wright 1 Matt Wright Guestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
CVE-2006-1696 1 Gallery Project 1 Gallery 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-1695 1 Fbida 1 Fbida 2026-06-16 1.2 LOW N/A
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
CVE-2006-1694 1 Xbrite 1 Xbrite Members 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1693 1 Globalscape 1 Secure Ftp Server 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.
CVE-2006-1692 1 Manic Web 1 Mwnewsletter 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis.
CVE-2006-1691 1 Manic Web 1 Mwnewsletter 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.
CVE-2006-1690 1 Manic Web 1 Mwnewsletter 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.
CVE-2006-1689 1 Hp 1 Hp-ux 2026-06-16 7.2 HIGH N/A
Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.
CVE-2006-1687 1 Apt 1 Apt-webshop-system 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.
CVE-2006-1686 1 Apt 1 Apt-webshop-system 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter.
CVE-2006-1685 1 Apt 1 Apt-webshop-system 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.
CVE-2006-1684 1 Ecotwo 1 Shopsystem 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors.
CVE-2006-1683 1 Chipmunk Scripts 1 Chipmunk Guestbook 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name.