Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29922 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1659 1 Softbizscripts 1 Image Gallery Script 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2006-1658 1 Chucky A. Ivey 1 N.t. 2026-06-16 7.5 HIGH N/A
Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts.
CVE-2006-1657 1 Chucky A. Ivey 1 N.t. 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page.
CVE-2006-1656 1 Vserver 1 Util-vserver 2026-06-16 7.2 HIGH N/A
vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.
CVE-2006-1655 1 Mpg123 1 Mpg123 2026-06-16 6.5 MEDIUM N/A
Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.
CVE-2006-1654 1 Hp 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
CVE-2006-1653 1 Angelinecms 1 Angelinecms 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter.
CVE-2006-1651 1 Microsoft 1 Isa Server 2026-06-16 7.5 HIGH N/A
Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol.
CVE-2006-1650 1 Mozilla 1 Firefox 2026-06-16 5.0 MEDIUM N/A
Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue.
CVE-2006-1649 1 Eset Software 1 Nod32 Antivirus 2026-06-16 7.2 HIGH N/A
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
CVE-2006-1648 1 Smart Technologies 1 Synchroneyes 2026-06-16 5.0 MEDIUM N/A
SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc.
CVE-2006-1647 1 Smart Technologies 1 Synchroneyes 2026-06-16 7.8 HIGH N/A
An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port.
CVE-2006-1646 1 Internet Key Exchange 1 Internet Key Exchange 2026-06-16 5.0 MEDIUM N/A
The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
CVE-2006-1645 1 Reloadcms 1 Reloadcms 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel.
CVE-2006-1644 1 Interact 1 Interact 2026-06-16 5.0 MEDIUM N/A
login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1643 1 Interact 1 Interact 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party.
CVE-2006-1642 1 Interact 1 Interact 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance of this information is unknown; the details are obtained from third party. In addition, the lack of precision in the third party descriptions makes it unclear whether the named vectors are correct.
CVE-2006-1641 1 Czaries Network 1 Czarnews 2026-06-16 5.1 MEDIUM N/A
Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.
CVE-2006-1640 1 Czaries Network 1 Czarnews 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2006-1639 1 Wire Plastik Design 1 Wpblog 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.