Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0872 1 Coppermine 1 Coppermine Photo Gallery 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
CVE-2006-0870 1 Mini-nuke 1 Mini-nuke Cms 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
CVE-2006-0869 1 Pear 1 Pear Liveuser 2026-06-16 6.4 MEDIUM N/A
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
CVE-2006-0868 1 Pear 1 Xml Rpc 2026-06-16 7.5 HIGH N/A
Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
CVE-2006-0867 1 South River 1 Webdrive 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field.
CVE-2006-0866 1 Punbb 1 Punbb 2026-06-16 5.0 MEDIUM N/A
PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters.
CVE-2006-0865 1 Punbb 1 Punbb 2026-06-16 5.0 MEDIUM N/A
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVE-2006-0864 1 Hauri 1 Virobot 2026-06-16 10.0 HIGH N/A
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.
CVE-2006-0863 1 Infovista 1 Portalse 2026-06-16 5.0 MEDIUM N/A
InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message.
CVE-2006-0862 1 Infovista 1 Portalse 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL.
CVE-2006-0858 1 Starforce 1 Safe N Sec Personal \+ Anti-spyware 2026-06-16 7.2 HIGH N/A
Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder.
CVE-2006-0856 1 Scriptme 1 Sme Gb Host 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.
CVE-2006-0853 1 Truenorth Software 1 Ia Emailserver 2026-06-16 6.5 MEDIUM N/A
Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument.
CVE-2006-0852 1 Devscripts 1 Admbook 2026-06-16 7.5 HIGH N/A
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
CVE-2006-0851 1 Ilch.de 1 Ilchclan 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.
CVE-2006-0850 1 Ilch.de 1 Ilchclan 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0847 1 Cherrypy 1 Cherrypy 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
CVE-2006-0846 1 Leif M. Wright 1 Web Blog 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function.
CVE-2006-0845 1 Leif M. Wright 1 Web Blog 2026-06-16 6.5 MEDIUM N/A
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname.
CVE-2006-0844 1 Leif M. Wright 1 Web Blog 2026-06-16 7.5 HIGH N/A
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.