Total
360670 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-0787 | 1 Plaino | 1 Wimpy Mp3 | 2026-06-16 | 4.0 MEDIUM | N/A |
| wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE. | |||||
| CVE-2006-0786 | 1 Phpkit | 1 Phpkit | 2026-06-16 | 5.1 MEDIUM | N/A |
| Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs. | |||||
| CVE-2006-0785 | 1 Phpkit | 1 Phpkit | 2026-06-16 | 6.4 MEDIUM | N/A |
| Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions. | |||||
| CVE-2006-0784 | 1 D-link | 1 Dwl-g700ap | 2026-06-16 | 5.0 MEDIUM | N/A |
| D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | |||||
| CVE-2006-0783 | 1 Siteframe | 1 Siteframe Beaumont | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in page.php in in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment). | |||||
| CVE-2006-0782 | 1 Perlblog | 1 Perlblog | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and (3) the body parameter. | |||||
| CVE-2006-0781 | 1 Perlblog | 1 Perlblog | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter. | |||||
| CVE-2006-0780 | 1 Perlblog | 1 Perlblog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters. | |||||
| CVE-2006-0779 | 1 Xmb Forum | 1 Xmb | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. | |||||
| CVE-2006-0778 | 1 Xmb Forum | 1 Xmb | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. | |||||
| CVE-2006-0777 | 1 Teca Scripts | 1 Guestex | 2026-06-16 | 7.5 HIGH | N/A |
| Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | |||||
| CVE-2006-0776 | 1 Teca Scripts | 1 Guestex | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||||
| CVE-2006-0775 | 1 Ridder Roeland | 1 Birthsys | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error. | |||||
| CVE-2006-0774 | 1 Lawrence Osiris | 1 Db Esession | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID. | |||||
| CVE-2006-0773 | 1 Hitachi | 1 Business Logic | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function. | |||||
| CVE-2006-0772 | 1 Hitachi | 1 Business Logic | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | |||||
| CVE-2006-0771 | 1 Even Balance | 1 Punkbuster | 2026-06-16 | 6.4 MEDIUM | N/A |
| Format string vulnerability in PunkBuster 1.180 and earlier, as used by Soldier of Fortune II and possibly other games, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in invalid cvar values, which are not properly handled when the server kicks the player and records the reason. | |||||
| CVE-2006-0770 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-06-16 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in MyBulletinBoard (MyBB) 1.0.4 allows remote attackers to inject arbitrary web script or HTML via a URL that is not sanitized before being returned as a link in "advanced details". NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-0769 | 1 Sun | 1 Solaris | 2026-06-16 | 7.2 HIGH | N/A |
| Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | |||||
| CVE-2006-0768 | 1 Kadu | 1 Kadu | 2026-06-16 | 5.0 MEDIUM | N/A |
| Kadu 0.4.3 allows remote attackers to cause a denial of service (application crash) via a large number of image send requests. | |||||