Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29924 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1226 1 Drupal 1 Drupal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-1225 1 Drupal 1 Drupal 2026-06-16 5.0 MEDIUM N/A
CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy.
CVE-2006-1224 1 Guppy 1 Guppy 2026-06-16 2.6 LOW N/A
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.
CVE-2006-1223 1 Jupiter Cms 1 Jupiter Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag.
CVE-2006-1222 1 Zeroboard 1 Zeroboard 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.
CVE-2006-1221 1 Zonelabs 1 Zonealarm Security Suite 2026-06-16 6.2 MEDIUM N/A
Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.
CVE-2006-1220 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 4.6 MEDIUM N/A
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
CVE-2006-1219 1 Gallery Project 1 Gallery 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
CVE-2006-1218 1 Novell 1 Bordermanager 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over HTTP 1.1".
CVE-2006-1217 1 Dsportal 1 Dspoll 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php.
CVE-2006-1216 1 Runcms 1 Runcms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-1215 1 Woltlab 1 Burning Board 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a followup post, although the original disclosure might be related to reflected XSS.
CVE-2006-1214 1 Unreal 1 Unrealircd 2026-06-16 5.0 MEDIUM N/A
UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL - q\x08Q *\x08PoC."
CVE-2006-1213 1 Jiro 1 Banner System 2026-06-16 7.5 HIGH N/A
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
CVE-2006-1212 1 Corenews 1 Corenews 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be confirmed by source code inspection of CoreNews 2.0.1, which does not appear to use a "page" parameter or variable.
CVE-2006-1211 1 Micromuse 1 Netcool Neusecure 2026-06-16 7.5 HIGH N/A
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
CVE-2006-1210 1 Micromuse 1 Netcool Neusecure 2026-06-16 7.5 HIGH N/A
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
CVE-2006-1209 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-06-16 5.0 MEDIUM N/A
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
CVE-2006-1208 1 Sergey Korostel 1 Php Upload Center 2026-06-16 7.5 HIGH N/A
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
CVE-2006-1207 1 Sergey Korostel 1 Php Upload Center 2026-06-16 5.0 MEDIUM N/A
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file.