Total: 360109 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0335 | 1 Kerio | 1 Winroute Firewall | 2026-06-16 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML. | |||||
| CVE-2006-0334 | 1 Freekrai.net | 1 My Amazon Store Manager | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher notification shows an XSS manipulation in "Keywords". | |||||
| CVE-2006-0333 | 1 Ar-blog | 1 Ar-blog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php. | |||||
| CVE-2006-0332 | 1 Ecartis | 1 Ecartis | 2026-06-16 | 6.4 MEDIUM | N/A |
| Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. | |||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2026-06-16 | 4.6 MEDIUM | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2006-0330 | 1 Gallery Project | 1 Gallery | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | |||||
| CVE-2006-0329 | 1 Hitachi | 1 Hitsenser Data Mart Server | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2006-0328 | 1 Philippe Jounin | 1 Tftpd32 | 2026-06-16 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | |||||
| CVE-2006-0327 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 5.0 MEDIUM | N/A |
| TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | |||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2026-06-16 | 7.5 HIGH | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | |||||
| CVE-2006-0324 | 1 Webspot | 1 Webspotblogging | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. | |||||
| CVE-2006-0323 | 1 Realnetworks | 4 Helix Player, Realone Player, Realplayer and 1 more | 2026-06-16 | 9.3 HIGH | N/A |
| Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations. | |||||
| CVE-2006-0322 | 1 Mediawiki | 1 Mediawiki | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." | |||||
| CVE-2006-0321 | 1 Fetchmail | 1 Fetchmail | 2026-06-16 | 5.0 MEDIUM | N/A |
| fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. | |||||
| CVE-2006-0320 | 1 Bit 5 Blog | 1 Bit 5 Blog | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. | |||||
| CVE-2006-0319 | 1 Farmers Wife | 1 Farmers Wife | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. | |||||
| CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | |||||
| CVE-2006-0317 | 1 Redkernel | 1 Referrer Tracker | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | |||||
| CVE-2006-0316 | 1 Aol | 1 Aol Client Software | 2026-06-16 | 10.0 HIGH | N/A |
| Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-0315 | 1 Indexcor | 1 Ezdatabase | 2026-06-16 | 5.8 MEDIUM | N/A |
| index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | |||||
