Total
29922 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1638 | 1 Aweb Labs | 1 Awebbb | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php. | |||||
| CVE-2006-1637 | 1 Aweb Labs | 1 Awebbb | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. | |||||
| CVE-2006-1635 | 1 Lucidcms | 1 Lucidcms | 2026-06-16 | 5.0 MEDIUM | N/A |
| LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucid_phplib/translator.php, which reveals the path in an error message. | |||||
| CVE-2006-1634 | 1 Lucidcms | 1 Lucidcms | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter. | |||||
| CVE-2006-1631 | 1 Cisco | 1 Content Services Switch 11500 | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. | |||||
| CVE-2006-1630 | 1 Clam Anti-virus | 1 Clamav | 2026-06-16 | 5.0 MEDIUM | N/A |
| The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." | |||||
| CVE-2006-1629 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2026-06-16 | 9.0 HIGH | N/A |
| OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. | |||||
| CVE-2006-1628 | 1 Adobe | 1 Livecycle Form Manager | 2026-06-16 | 4.6 MEDIUM | N/A |
| Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system. | |||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2026-06-16 | 7.5 HIGH | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | |||||
| CVE-2006-1625 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. | |||||
| CVE-2006-1624 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 7.8 HIGH | N/A |
| The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses. | |||||
| CVE-2006-1623 | 1 Andries Bruinsma | 1 Flexible Development | 2026-06-16 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specific vulnerability type. In addition, there is little public information on the named product. Finally, an XSS vector is implied in the subject line, but because there is no other information and evidence of a cut-and-paste error, it will not be assigned a separate CVE identifier unless additional information is provided. | |||||
| CVE-2006-1622 | 1 Phpselect | 1 Phpselect | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php. | |||||
| CVE-2006-1621 | 1 Hosting Controller | 1 Hosting Controller | 2026-06-16 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter. | |||||
| CVE-2006-1620 | 1 Hosting Controller | 1 Hosting Controller | 2026-06-16 | 5.0 MEDIUM | N/A |
| admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE. It was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. | |||||
| CVE-2006-1619 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header. | |||||
| CVE-2006-1618 | 1 Doomsday | 1 Doomsday | 2026-06-16 | 7.5 HIGH | N/A |
| Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments. | |||||
| CVE-2006-1617 | 1 Advanced Poll | 1 Advanced Poll | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. NOTE: it is possible that this issue is resultant from CVE-2006-1616. | |||||
| CVE-2006-1616 | 1 Advanced Poll | 1 Advanced Poll | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php. | |||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2026-06-16 | 5.1 MEDIUM | N/A |
| Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
