Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29924 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1353 1 Aspportal 1 Aspportal 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
CVE-2006-1352 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and WebLogic Server 6.1 SP7 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
CVE-2006-1351 1 Bea 1 Weblogic Server 2026-06-16 5.0 MEDIUM N/A
BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.
CVE-2006-1350 1 Articlesone 1 99articles Directory 2026-06-16 7.5 HIGH N/A
PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-1349 1 Musicbox 1 Musicbox 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2006-1348 1 Greg Neustaetter 1 Gcards 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
CVE-2006-1347 1 Greg Neustaetter 1 Gcards 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-1346 1 Greg Neustaetter 1 Gcards 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
CVE-2006-1345 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 5.0 MEDIUM N/A
polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to obtain sensitive information via a vote action with an "option[]=null" parameter value, which reveals the path in an error message.
CVE-2006-1344 1 Verisign 1 Mpki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as used in Managed PKI (MPKI) 6.0, allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the VHTML_FILE parameter.
CVE-2006-1343 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1342 1 Linux 1 Linux Kernel 2026-06-16 2.1 LOW N/A
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1341 1 Maian Events 1 Maian Events 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
CVE-2006-1340 1 Cutephp 1 Cutenews 2026-06-16 5.0 MEDIUM N/A
CuteNews 1.4.1 and possibly other versions allows remote attackers to obtain the installation path via unspecified vectors involving an invalid file path.
CVE-2006-1339 1 Cutephp 1 Cutenews 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request.
CVE-2006-1336 1 Extcalendar 1 Extcalendar 2026-06-16 5.0 MEDIUM N/A
Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters.
CVE-2006-1335 1 Gnome 1 Screensaver 2026-06-16 3.7 LOW N/A
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.
CVE-2006-1334 1 Maian Script World 1 Maian Weblog 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
CVE-2006-1333 1 Betaparticle 1 Betaparticle Blog 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.
CVE-2006-1332 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 6.4 MEDIUM N/A
Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message.