Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29925 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-1132 1 Vbzoom 1 Vbzoom 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
CVE-2006-1131 1 Bitweaver 1 Bitweaver 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter.
CVE-2006-1130 1 Ekinboard 1 Ekinboard 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag.
CVE-2006-1129 1 Ekinboard 1 Ekinboard 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie.
CVE-2006-1128 1 Gallery Project 1 Gallery 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized.
CVE-2006-1127 1 Gallery Project 1 Gallery 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
CVE-2006-1126 1 Gallery Project 1 Gallery 2026-06-16 6.4 MEDIUM N/A
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR.
CVE-2006-1125 1 Grisoft 1 Avg Antivirus 2026-06-16 4.6 MEDIUM N/A
Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges.
CVE-2006-1124 1 Revilloc Solutions 1 Revilloc Mailserver 2026-06-16 7.5 HIGH N/A
Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command.
CVE-2006-1123 1 D2ksoft 1 D2kblog 2026-06-16 10.0 HIGH N/A
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.
CVE-2006-1122 1 D2ksoft 1 D2kblog 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-1121 1 Cutephp 1 Cutenews 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
CVE-2006-1120 1 Codeworx Technologies 1 Dcp-portal 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. NOTE: the calendar.php/day vector is already subsumed by CVE-2006-0220, and the calendar.php/month, calendar.php/year, and search.php/q parameters for calendar.php are already subsumed by CVE-2004-2511.
CVE-2006-1118 1 Bmail 1 Bmail 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in bmail before Aardvark PR9.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving GBK character sets.
CVE-2006-1117 1 Ncipher 8 Dse200 Document Sealing Engine, Ncore, Nethsm and 5 more 2026-06-16 2.6 LOW N/A
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
CVE-2006-1116 1 Ncipher 1 Ncore 2026-06-16 5.0 MEDIUM N/A
The CBC-MAC integrity functions in the nCipher nCore API before 2.18 transmit the initialization vector IV as part of a message when the implementation uses a non-zero IV, which allows remote attackers to bypass integrity checks and modify messages without being detected.
CVE-2006-1115 1 Ncipher 3 Chil, Mscapi Csp, Ncipher Software Cd 2026-06-16 2.6 LOW N/A
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVE-2006-1114 1 Gerrit Van Aaken 1 Loudblog 2026-06-16 6.4 MEDIUM N/A
Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php.
CVE-2006-1113 1 Gerrit Van Aaken 1 Loudblog 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1112 1 Aztek Forum 1 Aztek Forum 2026-06-16 5.0 MEDIUM N/A
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message.