Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29924 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1331 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.
CVE-2006-1329 1 Jabberstudio 1 Jabberd 2026-06-16 5.0 MEDIUM N/A
The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".
CVE-2006-1328 1 Skull-splitter 1 Download Counter Wallpaper 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter.
CVE-2006-1327 1 Softbb 1 Softbb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.
CVE-2006-1326 1 Invision Power Services 1 Invision Power Board 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.
CVE-2006-1325 1 Streber 1 Streber 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-1324 1 Woltlab 1 Burning Board 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
CVE-2006-1323 1 Webtoolmaster Software 1 Winhki 2026-06-16 5.1 MEDIUM N/A
Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file name contains ".." sequences.
CVE-2006-1322 1 Novell 2 Netware, Netware Ftp Server 2026-06-16 5.0 MEDIUM N/A
Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.
CVE-2006-1321 1 Webcheck 1 Webcheck 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.
CVE-2006-1320 1 Rssh 1 Rssh 2026-06-16 7.5 HIGH N/A
util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.
CVE-2006-1319 1 Runit 1 Runit 2026-06-16 6.2 MEDIUM N/A
chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.
CVE-2006-1315 1 Microsoft 1 Server Service 2026-06-16 5.0 MEDIUM N/A
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
CVE-2006-1314 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-06-16 7.5 HIGH N/A
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
CVE-2006-1313 1 Microsoft 6 Windows 2000, Windows 2003 Server, Windows 98 and 3 more 2026-06-16 6.8 MEDIUM N/A
Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
CVE-2006-1311 1 Microsoft 5 Learning Essentials, Office, Windows 2000 and 2 more 2026-06-16 9.3 HIGH N/A
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption.
CVE-2006-1300 1 Microsoft 1 .net Framework 2026-06-16 5.0 MEDIUM N/A
Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
CVE-2006-1298 1 Symantec Veritas 1 Backup Exec 2026-06-16 4.6 MEDIUM N/A
Format string vulnerability in the Job Engine service (bengine.exe) in the Media Server in Veritas Backup Exec 10d (10.1) for Windows Servers rev. 5629, Backup Exec 10.0 for Windows Servers rev. 5520, Backup Exec 10.0 for Windows Servers rev. 5484, and Backup Exec 9.1 for Windows Servers rev. 4691, when the job log mode is Full Detailed (aka Full Details), allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted filename on a machine that is backed up by Backup Exec.
CVE-2006-1297 1 Symantec Veritas 2 Backup Exec, Backup Exec Remote Agent 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in Veritas Backup Exec for Windows Server Remote Agent 9.1 through 10.1, for Netware Servers and Remote Agent 9.1 and 9.2, and Remote Agent for Linux Servers 10.0 and 10.1 allow attackers to cause a denial of service (application crash or unavailability) due to "memory errors."
CVE-2006-1296 1 Beagle-project 1 Beagle 2026-06-16 7.5 HIGH N/A
Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH.