Total
359863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1565 | 1 Debian | 1 Debian Linux | 2026-06-16 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory. | |||||
| CVE-2006-1564 | 1 Debian | 1 Debian Linux | 2026-06-16 | 4.6 MEDIUM | N/A |
| Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory. | |||||
| CVE-2006-1563 | 1 Vscripts | 1 Vbook | 2026-06-16 | 7.6 HIGH | N/A |
| Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts. | |||||
| CVE-2006-1562 | 1 Vscripts | 1 Vbook | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters. | |||||
| CVE-2006-1561 | 1 Vscripts | 1 Vbook | 2026-06-16 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote attackers to execute arbitrary SQL commands via the x parameter. | |||||
| CVE-2006-1560 | 1 Skintech | 1 Phpnewsmanager | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information. | |||||
| CVE-2006-1559 | 1 Php | 1 Php Script Index | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1558 | 1 Php | 1 Php Script Index | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2006-1557 | 1 Skintech | 1 X-changer | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php. | |||||
| CVE-2006-1556 | 1 Al-caricatier | 1 Al-caricatier | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter. | |||||
| CVE-2006-1555 | 1 Tachyon | 1 Vsns Lemon | 2026-06-16 | 7.5 HIGH | N/A |
| VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. | |||||
| CVE-2006-1554 | 1 Tachyon | 1 Vsns Lemon | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment. | |||||
| CVE-2006-1553 | 1 Tachyon | 1 Vsns Lemon | 2026-06-16 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1552 | 1 Apple | 4 Imageio, Mac Os X, Mac Os X Server and 1 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | |||||
| CVE-2006-1551 | 1 Georges Auberger | 1 Pajax | 2026-06-16 | 7.5 HIGH | N/A |
| Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters. | |||||
| CVE-2006-1550 | 1 Dia | 1 Dia | 2026-06-16 | 7.6 HIGH | N/A |
| Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth. | |||||
| CVE-2006-1549 | 1 Php | 1 Php | 2026-06-16 | 2.1 LOW | N/A |
| PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. | |||||
| CVE-2006-1548 | 1 Apache | 1 Struts | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. | |||||
| CVE-2006-1547 | 1 Apache | 2 Commons Beanutils, Struts | 2026-06-16 | 7.8 HIGH | 7.5 HIGH |
| ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | |||||
| CVE-2006-1546 | 1 Apache | 1 Struts | 2026-06-16 | 7.5 HIGH | N/A |
| Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. | |||||