Total
29924 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1206 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2026-06-16 | 5.0 MEDIUM | N/A |
| Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. | |||||
| CVE-2006-1205 | 1 Mywebland | 1 Mybloggie | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. | |||||
| CVE-2006-1204 | 1 Txtforum | 1 Txtforum | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prev, (2) next, and (3) rand5 parameters in (a) index.php; the (4) r_username and (5) r_loc parameters in (b) new_topic.php; the (6) r_num, (7) r_family_name, (8) r_icq, (9) r_yahoo, (10) r_aim, (11) r_homepage, (12) r_interests, (13) r_about, (14) selected1, (15) selected0, (16) signature_selected1, (17) signature_selected0, (18) smile_selected1, (19) smile_selected0, (20) ubb_selected1, and (21) ubb_selected0 parameters in (c) profile.php; the (22) quote and (23) tid parameters in (d) reply.php; and the (24) tid, (25) sticked, and (26) mid parameters in (e) view_topic.php. | |||||
| CVE-2006-1203 | 1 Txtforum | 1 Txtforum | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php. | |||||
| CVE-2006-1202 | 1 Jcink.com | 1 Textfilebb | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value. | |||||
| CVE-2006-1201 | 1 Eschew.net | 1 Phpbannerexchange | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php). | |||||
| CVE-2006-1200 | 1 Daverave | 1 Link Bank | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement. | |||||
| CVE-2006-1199 | 1 Daverave | 1 Link Bank | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter. | |||||
| CVE-2006-1198 | 1 Comvigo | 1 Im Lock | 2026-06-16 | 3.7 LOW | N/A |
| Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password. | |||||
| CVE-2006-1197 | 1 Macrovision | 1 Safedisc | 2026-06-16 | 7.2 HIGH | N/A |
| SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. | |||||
| CVE-2006-1196 | 1 David Barrett | 1 Qwikiwiki | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php. | |||||
| CVE-2006-1195 | 1 Enet | 1 Enet Library | 2026-06-16 | 5.0 MEDIUM | N/A |
| The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails. | |||||
| CVE-2006-1194 | 1 Enet | 1 Enet Library | 2026-06-16 | 5.0 MEDIUM | N/A |
| Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access. | |||||
| CVE-2006-1191 | 1 Microsoft | 1 Internet Explorer | 2026-06-16 | 4.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.01 through 6 does not always correctly identify the domain that is associated with a browser window, which allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. | |||||
| CVE-2006-1190 | 1 Microsoft | 1 Internet Explorer | 2026-06-16 | 10.0 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. | |||||
| CVE-2006-1188 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2026-06-16 | 7.5 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption. | |||||
| CVE-2006-1186 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-06-16 | 10.0 HIGH | N/A |
| Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. | |||||
| CVE-2006-1185 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption. | |||||
| CVE-2006-1184 | 1 Microsoft | 5 Distributed Transaction Coordinator, Windows 2000, Windows 2003 Server and 2 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119. | |||||
| CVE-2006-1183 | 1 Ubuntu | 1 Ubuntu Linux | 2026-06-16 | 7.2 HIGH | N/A |
| The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. | |||||
