Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0898 1 Lincoln D. Stein 1 Crypt Cbc 2026-06-16 2.6 LOW N/A
Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
CVE-2006-0895 1 Nocc 1 Nocc 2026-06-16 5.0 MEDIUM N/A
NOCC Webmail 1.0 allows remote attackers to obtain the installation path via a direct request to html/header.php.
CVE-2006-0894 1 Nocc 1 Nocc 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.
CVE-2006-0893 1 Nocc 1 Nocc 2026-06-16 5.0 MEDIUM N/A
NOCC Webmail 1.0 allows remote attackers to obtain sensitive information via a direct request to (1) the profiles directory, which leaks e-mail addresses contained in filenames of profiles, and (2) the tmp directory, which lists names of uploaded attachments.
CVE-2006-0892 1 Nocc 1 Nocc 2026-06-16 7.5 HIGH N/A
NOCC Webmail 1.0 stores e-mail attachments in temporary files with predictable filenames, which makes it easier for remote attackers to execute arbitrary code by accessing the e-mail attachment via directory traversal vulnerabilities.
CVE-2006-0891 1 Nocc 1 Nocc 2026-06-16 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php.
CVE-2006-0890 1 Speedproject 3 Speedcommander, Squeez, Zipstar 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in SpeedProject Squeez 5.1, as used in (1) ZipStar 5.1 and (2) SpeedCommander 11.01.4450, allows remote attackers to overwrite arbitrary files via unspecified manipulations in a (1) JAR or (2) ZIP archive.
CVE-2006-0889 1 Brown Bear Software 1 Calcium 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows remote attackers to inject arbitrary web script or HTML via the EventText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0888 1 Invision Power Services 1 Invision Power Board 2026-06-16 2.6 LOW N/A
index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation disabled, allows remote attackers to cause an unspecified denial of service by registering a large number of users.
CVE-2006-0886 1 Dev 1 Dev Web Management System 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0885 1 Cutephp 1 Cutenews 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVE-2006-0882 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in include.php in Noah's Classifieds 1.3 allows remote attackers to include arbitrary local files via the otherTemplate parameter to index.php.
CVE-2006-0881 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php in Noah's Classifieds 1.3, when register_globals is enabled, allow remote attackers to include arbitrary PHP files via the (1) upperTemplate and (2) lowerTemplate parameters, as demonstrated using the lowerTemplate parameter to index.php.
CVE-2006-0880 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.
CVE-2006-0879 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
CVE-2006-0878 1 Phpoutsourcing 1 Noahs Classifieds 2026-06-16 5.0 MEDIUM N/A
Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php.
CVE-2006-0877 1 Easy Forum 1 Easy Forum 2026-06-16 5.0 MEDIUM N/A
Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable.
CVE-2006-0876 1 Popfile 1 Popfile 2026-06-16 5.0 MEDIUM N/A
POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages.
CVE-2006-0875 1 Runcms 1 Runcms 2026-06-16 5.0 MEDIUM N/A
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.
CVE-2006-0873 1 Coppermine 1 Coppermine Photo Gallery 2026-06-16 5.0 MEDIUM N/A
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.