Total
359900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1666 | 1 Arab Portal | 1 Arab Portal | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable allows remote attackers to execute arbitrary SQL commands via the mineID parameter. | |||||
| CVE-2006-1665 | 1 Arab Portal | 1 Arab Portal | 2026-06-16 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0.1 stable allow remote attackers to inject arbitrary web script or HTML via the (1) adminJump and (2) forum_middle parameters in (a) forum.php, and the (3) form parameter in (b) members.php, (c) pm.php, and (d) mail.php. | |||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | |||||
| CVE-2006-1662 | 1 Limbo Cms | 1 Limbo Cms | 2026-06-16 | 7.5 HIGH | N/A |
| The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php. | |||||
| CVE-2006-1661 | 1 Sk Soft | 1 Skforum | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action. | |||||
| CVE-2006-1660 | 1 Softbizscripts | 1 Image Gallery Script | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-1659 | 1 Softbizscripts | 1 Image Gallery Script | 2026-06-16 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. | |||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2026-06-16 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | |||||
| CVE-2006-1657 | 1 Chucky A. Ivey | 1 N.t. | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page. | |||||
| CVE-2006-1656 | 1 Vserver | 1 Util-vserver | 2026-06-16 | 7.2 HIGH | N/A |
| vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root. | |||||
| CVE-2006-1655 | 1 Mpg123 | 1 Mpg123 | 2026-06-16 | 6.5 MEDIUM | N/A |
| Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear. | |||||
| CVE-2006-1654 | 1 Hp | 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225. | |||||
| CVE-2006-1653 | 1 Angelinecms | 1 Angelinecms | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. | |||||
| CVE-2006-1652 | 1 Ultravnc | 2 Tabbed Viewer, Vnc Viewer | 2026-06-16 | 9.0 HIGH | N/A |
| Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint. | |||||
| CVE-2006-1651 | 1 Microsoft | 1 Isa Server | 2026-06-16 | 7.5 HIGH | N/A |
| Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol. | |||||
| CVE-2006-1650 | 1 Mozilla | 1 Firefox | 2026-06-16 | 5.0 MEDIUM | N/A |
| Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue. | |||||
| CVE-2006-1649 | 1 Eset Software | 1 Nod32 Antivirus | 2026-06-16 | 7.2 HIGH | N/A |
| The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | |||||
| CVE-2006-1648 | 1 Smart Technologies | 1 Synchroneyes | 2026-06-16 | 5.0 MEDIUM | N/A |
| SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc. | |||||
| CVE-2006-1647 | 1 Smart Technologies | 1 Synchroneyes | 2026-06-16 | 7.8 HIGH | N/A |
| An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port. | |||||
| CVE-2006-1646 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2026-06-16 | 5.0 MEDIUM | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||