Total
29928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0872 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter. | |||||
| CVE-2006-0870 | 1 Mini-nuke | 1 Mini-nuke Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well. | |||||
| CVE-2006-0869 | 1 Pear | 1 Pear Liveuser | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie. | |||||
| CVE-2006-0868 | 1 Pear | 1 Xml Rpc | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." | |||||
| CVE-2006-0867 | 1 South River | 1 Webdrive | 2026-06-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior) via a long string in the name entry field. | |||||
| CVE-2006-0866 | 1 Punbb | 1 Punbb | 2026-06-16 | 5.0 MEDIUM | N/A |
| PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account's password, which may be as short as 4 characters. | |||||
| CVE-2006-0865 | 1 Punbb | 1 Punbb | 2026-06-16 | 5.0 MEDIUM | N/A |
| PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly. | |||||
| CVE-2006-0864 | 1 Hauri | 1 Virobot | 2026-06-16 | 10.0 HIGH | N/A |
| filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value. | |||||
| CVE-2006-0863 | 1 Infovista | 1 Portalse | 2026-06-16 | 5.0 MEDIUM | N/A |
| InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message. | |||||
| CVE-2006-0862 | 1 Infovista | 1 Portalse | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. | |||||
| CVE-2006-0858 | 1 Starforce | 1 Safe N Sec Personal \+ Anti-spyware | 2026-06-16 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder. | |||||
| CVE-2006-0856 | 1 Scriptme | 1 Sme Gb Host | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. | |||||
| CVE-2006-0853 | 1 Truenorth Software | 1 Ia Emailserver | 2026-06-16 | 6.5 MEDIUM | N/A |
| Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument. | |||||
| CVE-2006-0852 | 1 Devscripts | 1 Admbook | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. | |||||
| CVE-2006-0851 | 1 Ilch.de | 1 Ilchclan | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. | |||||
| CVE-2006-0850 | 1 Ilch.de | 1 Ilchclan | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/includes/user/login.php in ilchClan before 1.05g allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0847 | 1 Cherrypy | 1 Cherrypy | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors. | |||||
| CVE-2006-0846 | 1 Leif M. Wright | 1 Web Blog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function. | |||||
| CVE-2006-0845 | 1 Leif M. Wright | 1 Web Blog | 2026-06-16 | 6.5 MEDIUM | N/A |
| Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname. | |||||
| CVE-2006-0844 | 1 Leif M. Wright | 1 Web Blog | 2026-06-16 | 7.5 HIGH | N/A |
| Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie. | |||||
