Total
361530 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1115 | 1 Ncipher | 3 Chil, Mscapi Csp, Ncipher Software Cd | 2026-06-16 | 2.6 LOW | N/A |
| nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack. | |||||
| CVE-2006-1114 | 1 Gerrit Van Aaken | 1 Loudblog | 2026-06-16 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Loudblog before 0.42 allow remote attackers to read or include arbitrary files via a .. (dot dot) and trailing %00 (NULL) byte in the (1) template and (2) page parameters in (a) index.php, and the (3) language parameter in (b) inc/backend_settings.php. | |||||
| CVE-2006-1113 | 1 Gerrit Van Aaken | 1 Loudblog | 2026-06-16 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in podcast.php in Loudblog before 0.42 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1112 | 1 Aztek Forum | 1 Aztek Forum | 2026-06-16 | 5.0 MEDIUM | N/A |
| Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message. | |||||
| CVE-2006-1111 | 1 Aztek Forum | 1 Aztek Forum | 2026-06-16 | 7.5 HIGH | N/A |
| Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection. | |||||
| CVE-2006-1110 | 1 Aztek Forum | 1 Aztek Forum | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message. | |||||
| CVE-2006-1109 | 1 Totalecommerce | 1 Totalecommerce | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it is not clear whether this report is associated with a specific product. If not, then it should not be included in CVE. | |||||
| CVE-2006-1108 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-1107 | 1 Nmdeluxe | 1 Nmdeluxe | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. | |||||
| CVE-2006-1106 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. | |||||
| CVE-2006-1105 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 5.0 MEDIUM | N/A |
| Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. | |||||
| CVE-2006-1104 | 1 Pixelpost | 1 Pixelpost | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue. | |||||
| CVE-2006-1103 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-06-16 | 5.0 MEDIUM | N/A |
| engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. | |||||
| CVE-2006-1102 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-06-16 | 5.0 MEDIUM | N/A |
| Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | |||||
| CVE-2006-1101 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-06-16 | 5.0 MEDIUM | N/A |
| The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint. | |||||
| CVE-2006-1100 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data. | |||||
| CVE-2006-1099 | 1 Logit | 1 Logit | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1098 | 1 Digital Builder | 1 Nz Ecommerce | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem | |||||
| CVE-2006-1097 | 1 Datenbank Module | 1 Datenbank Module | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. | |||||
| CVE-2006-1096 | 1 Digital Builder | 1 Nz Ecommerce | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem | |||||