Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29928 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0822 1 Emulinker Kaillera Server 1 Emulinker Kaillera Server 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the server.
CVE-2006-0821 1 Bxcp 1 Bxcp 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2006-0820 1 Gnome 1 Dwarf Http Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
CVE-2006-0819 1 Gnome 1 Dwarf Http Server 2026-06-16 7.8 HIGH N/A
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
CVE-2006-0818 3 Deerfield, Icewarp, Merak 3 Visnetic Mail Server, Web Mail, Mail Server 2026-06-16 4.0 MEDIUM N/A
Absolute path directory traversal vulnerability in (1) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (2) VisNetic MailServer before 8.5.0.5 allows remote authenticated users to include arbitrary files via a modified language parameter and a full Windows or UNC pathname in the lang_settings parameter to mail/index.html, which is not properly sanitized by the validatefolder PHP function, possibly due to an incomplete fix for CVE-2005-4558.
CVE-2006-0817 3 Deerfield, Icewarp, Merak 3 Visnetic Mail Server, Web Mail, Mail Server 2026-06-16 5.0 MEDIUM N/A
Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556.
CVE-2006-0816 1 Orionserver 1 Orion Application Server 2026-06-16 5.0 MEDIUM N/A
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
CVE-2006-0815 1 Networkactiv 1 Networkactiv Web Server 2026-06-16 5.0 MEDIUM N/A
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.
CVE-2006-0814 1 Lighttpd 1 Lighttpd 2026-06-16 5.0 MEDIUM N/A
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
CVE-2006-0812 1 Visnetic 1 Visnetic Antivirus Plug-in For Mail Server 2026-06-16 7.2 HIGH N/A
The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges.
CVE-2006-0811 1 Skate Board 1 Skate Board 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form.
CVE-2006-0810 1 Skate Board 1 Skate Board 2026-06-16 3.5 LOW N/A
Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection.
CVE-2006-0809 1 Skate Board 1 Skate Board 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php.
CVE-2006-0808 1 Mute 1 Mute 2026-06-16 6.4 MEDIUM N/A
MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes.
CVE-2006-0805 1 Francisco Burzi 1 Php-nuke 2026-06-16 7.5 HIGH N/A
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
CVE-2006-0804 1 Tin 1 Tin 2026-06-16 7.5 HIGH N/A
Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow.
CVE-2006-0803 2 Novell, Suse 2 Suse Linux, Suse Linux 2026-06-16 5.0 MEDIUM N/A
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
CVE-2006-0802 1 Postnuke Software Foundation 1 Postnuke 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation.
CVE-2006-0801 1 Postnuke Software Foundation 1 Postnuke 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.
CVE-2006-0799 1 Microsoft 1 Internet Explorer 2026-06-16 4.0 MEDIUM N/A
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different.