Total
360521 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0657 | 1 Softcomplex | 1 Php Event Calendar | 2026-06-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS. | |||||
| CVE-2006-0656 | 1 Hp | 1 Systems Insight Manager | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. | |||||
| CVE-2006-0655 | 1 Hinton Design | 1 Phpht Topsites | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-0654 | 1 Hinton Design | 1 Phpht Topsites | 2026-06-16 | 7.5 HIGH | N/A |
| check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. | |||||
| CVE-2006-0653 | 1 Hinton Design | 1 Phpht Topsites | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | |||||
| CVE-2006-0652 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2026-06-16 | 6.5 MEDIUM | N/A |
| WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified "incorrect permissions." However, the vendor did not label it a security issue, and there was no statement regarding whether or not the permissions were actually more permissive than intended. If in fact the permissions were more restrictive than intended, then this would be a functional problem but not a vulnerability. | |||||
| CVE-2006-0651 | 1 Vwdev | 1 Vwdev | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. | |||||
| CVE-2006-0650 | 1 Cpaint | 1 Cpaint | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. | |||||
| CVE-2006-0649 | 1 Dataparksearch | 1 Dataparksearch | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2006-0648 | 1 Php Icalendar | 1 Php Icalendar | 2026-06-16 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | |||||
| CVE-2006-0647 | 1 Sun | 1 Java System Directory Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite. | |||||
| CVE-2006-0646 | 1 Suse | 1 Suse Linux | 2026-06-16 | 4.4 MEDIUM | N/A |
| ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users via by running an ld-linked application from the current directory, which could contain an attacker-controlled library file. | |||||
| CVE-2006-0645 | 1 Free Software Foundation Inc. | 1 Libtasn1 | 2026-06-16 | 7.5 HIGH | N/A |
| Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite. | |||||
| CVE-2006-0644 | 1 Cpg-nuke | 1 Dragonfly Cms | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. | |||||
| CVE-2006-0643 | 1 Wiredred | 1 E Pop Web Conferencing | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web Conferencing 4.1.0.755 allows remote authenticated users to inject arbitrary web script or HTML via the topic name of a conference. | |||||
| CVE-2006-0642 | 1 Trend Micro | 3 Interscan Messaging Security Suite, Interscan Web Security Suite, Serverprotect | 2026-06-16 | 5.1 MEDIUM | N/A |
| Trend Micro ServerProtect 5.58, and possibly InterScan Messaging Security Suite and InterScan Web Security Suite, have a default configuration setting of "Do not scan compressed files when Extracted file count exceeds 500 files," which may be too low in certain circumstances, which allows remote attackers to bypass anti-virus checks by sending compressed archives containing many small files. NOTE: since this is related to a configuration setting that has an operational impact that might vary depending on the environment, and the product is claimed to report a message when the compressed file exceeds specified limits, perhaps this should not be included in CVE. | |||||
| CVE-2006-0641 | 1 Orbicule | 1 Undercover | 2026-06-16 | 2.6 LOW | N/A |
| Orbicule Undercover uses a third-party web server to determine the IP address through which the computer is accessing the Internet, but does not document this third-party disclosure, which leads to a potential privacy leak that might allow transmission of sensitive information to an unintended remote destination. | |||||
| CVE-2006-0640 | 1 Orbicule | 1 Undercover | 2026-06-16 | 2.1 LOW | N/A |
| Orbicule Undercover allows attackers with physical or root access to disable the protection by using the chmod command to change the permissions of the /private/etc/uc.app/Contents/MacOS/uc file, which prevents the service from being started in LaunchDaemon. | |||||
| CVE-2006-0639 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka MyBulletinBoard) 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E. | |||||
| CVE-2006-0638 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in moderation.php in MyBB (aka MyBulletinBoard) 1.0.3 allows remote authenticated users, with certain privileges for moderating and merging posts, to execute arbitrary SQL commands via the posts parameter. | |||||