Total
29928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0977 | 1 Craig Morrison | 1 Mts Pro | 2026-06-16 | 5.0 MEDIUM | N/A |
| Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server. | |||||
| CVE-2006-0974 | 1 Battleaxe Software | 1 Bttlxeforum | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter. | |||||
| CVE-2006-0973 | 1 Phpwebsite | 1 Phpwebsite | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topics.php in Appalachian State University phpWebSite 0.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. | |||||
| CVE-2006-0972 | 1 Fscripts | 1 Fantastic News | 2026-06-16 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in news.php in Tony Baird Fantastic News 2.1.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the category vector is already covered by CVE-2005-3846. | |||||
| CVE-2006-0971 | 1 Lionel Reyero | 1 Directcontact | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2006-0970 | 1 Activecampaign | 6 1-2-all, General, Isalient and 3 more | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in one or more ActiveCampaign products, possibly SupportTrio, allows remote attackers to include and execute arbitrary files via the page parameter. | |||||
| CVE-2006-0969 | 1 Pixelartkingdom | 1 Top Sites | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter. | |||||
| CVE-2006-0968 | 1 Ncp Network Communications | 1 Secure Client | 2026-06-16 | 7.2 HIGH | N/A |
| The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established. | |||||
| CVE-2006-0965 | 1 Ncp Network Communications | 1 Secure Client | 2026-06-16 | 4.6 MEDIUM | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow. | |||||
| CVE-2006-0964 | 1 Ncp Network Communications | 1 Secure Client | 2026-06-16 | 4.6 MEDIUM | N/A |
| Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. | |||||
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. | |||||
| CVE-2006-0960 | 1 Compex | 1 Netpassage Wpe54g | 2026-06-16 | 5.0 MEDIUM | N/A |
| uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresposiveness) via crafted datagrams to UDP port 7778. | |||||
| CVE-2006-0958 | 1 Zoneo-soft | 1 Freeforum | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. | |||||
| CVE-2006-0957 | 1 Zoneo-soft | 1 Freeforum | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php. | |||||
| CVE-2006-0956 | 1 Nufw | 1 Nufw Firewall | 2026-06-16 | 1.7 LOW | N/A |
| nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. | |||||
| CVE-2006-0951 | 1 Eset Software | 1 Nod32 Antivirus | 2026-06-16 | 7.2 HIGH | N/A |
| The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. | |||||
| CVE-2006-0949 | 1 Raidenhttpd | 1 Raidenhttpd | 2026-06-16 | 5.0 MEDIUM | N/A |
| RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters. | |||||
| CVE-2006-0948 | 1 Aol | 1 Aol | 2026-06-16 | 7.2 HIGH | N/A |
| AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. | |||||
| CVE-2006-0947 | 1 Thomson | 1 Speedtouch | 2026-06-16 | 7.5 HIGH | N/A |
| Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. | |||||
| CVE-2006-0946 | 1 Thomson | 1 Speedtouch | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. | |||||
