Total
29928 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0798 | 1 Macallan | 1 Mail Solution | 2026-06-16 | 5.5 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. (dot dot) in the argument to the (1) CREATE, (2) SELECT, (3) DELETE, or (4) RENAME commands. | |||||
| CVE-2006-0797 | 1 Nokia | 1 N70 | 2026-06-16 | 7.8 HIGH | N/A |
| Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | |||||
| CVE-2006-0796 | 1 Clever Copy | 1 Clever Copy | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0794 | 1 V-webmail | 1 V-webmail | 2026-06-16 | 5.0 MEDIUM | N/A |
| help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0793 | 1 V-webmail | 1 V-webmail | 2026-06-16 | 5.0 MEDIUM | N/A |
| frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0792 | 1 V-webmail | 1 V-webmail | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0791 | 1 Dreamcost | 1 Hostadmin | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use. | |||||
| CVE-2006-0790 | 1 Rockliffe | 1 Mailsite | 2026-06-16 | 5.0 MEDIUM | N/A |
| Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. | |||||
| CVE-2006-0789 | 1 Kyocera | 1 Fs-3830n | 2026-06-16 | 10.0 HIGH | N/A |
| Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. | |||||
| CVE-2006-0788 | 1 Kyocera | 1 Fs-3830n | 2026-06-16 | 5.0 MEDIUM | N/A |
| Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to to TCP port 9100 or (2) the UNIX lp command. | |||||
| CVE-2006-0787 | 1 Plaino | 1 Wimpy Mp3 | 2026-06-16 | 4.0 MEDIUM | N/A |
| wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE. | |||||
| CVE-2006-0786 | 1 Phpkit | 1 Phpkit | 2026-06-16 | 5.1 MEDIUM | N/A |
| Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs. | |||||
| CVE-2006-0785 | 1 Phpkit | 1 Phpkit | 2026-06-16 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions. | |||||
| CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2026-06-16 | 5.0 MEDIUM | N/A |
| D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | |||||
| CVE-2006-0783 | 1 Siteframe | 1 Siteframe Beaumont | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment). | |||||
| CVE-2006-0782 | 1 Perlblog | 1 Perlblog | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and (3) the body parameter. | |||||
| CVE-2006-0781 | 1 Perlblog | 1 Perlblog | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter. | |||||
| CVE-2006-0780 | 1 Perlblog | 1 Perlblog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters. | |||||
| CVE-2006-0778 | 1 Xmb Forum | 1 Xmb | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. | |||||
| CVE-2006-0777 | 1 Teca Scripts | 1 Guestex | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | |||||
