Total
361595 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1140 | 1 Redblog | 1 Redblog | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2006-1139 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2026-06-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the ESS/ Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack. | |||||
| CVE-2006-1138 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors. | |||||
| CVE-2006-1137 | 1 Xerox | 12 Copycentre C65, Copycentre C65 Firmware, Copycentre C75 and 9 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allow remote attackers to cause an unspecified denial of service via a crafted PostScript file that will (1) "navigate through the directory" or (2) a "file sent to expose TCP/IP ports". | |||||
| CVE-2006-1136 | 1 Xerox | 6 Copycentre C65, Copycentre C75, Copycentre C90 and 3 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in the PostScript file interpreter code for Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2006-1135 | 1 Sblog | 1 Sblog | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. | |||||
| CVE-2006-1134 | 1 Jason Smith | 1 Cyboards Php Lite | 2026-06-16 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in CyBoards PHP Lite 1.25, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the parent parameter to (1) post.php and possibly (2) process_post.php. | |||||
| CVE-2006-1133 | 1 Vbzoom | 1 Vbzoom | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441. | |||||
| CVE-2006-1132 | 1 Vbzoom | 1 Vbzoom | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729. | |||||
| CVE-2006-1131 | 1 Bitweaver | 1 Bitweaver | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the comment_title parameter. | |||||
| CVE-2006-1130 | 1 Ekinboard | 1 Ekinboard | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. | |||||
| CVE-2006-1129 | 1 Ekinboard | 1 Ekinboard | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in config.php in EKINboard 1.0.3 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username cookie. | |||||
| CVE-2006-1128 | 1 Gallery Project | 1 Gallery | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | |||||
| CVE-2006-1127 | 1 Gallery Project | 1 Gallery | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. | |||||
| CVE-2006-1126 | 1 Gallery Project | 1 Gallery | 2026-06-16 | 6.4 MEDIUM | N/A |
| Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | |||||
| CVE-2006-1125 | 1 Grisoft | 1 Avg Antivirus | 2026-06-16 | 4.6 MEDIUM | N/A |
| Grisoft AVG Free 7.1, and other versions including 7.0.308, sets Everyone/Full Control permissions for certain update files including (1) upd_vers.cfg, (2) incavi.avm, and (3) unspecified drivers, which might allow local users to gain privileges. | |||||
| CVE-2006-1124 | 1 Revilloc Solutions | 1 Revilloc Mailserver | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2006-1123 | 1 D2ksoft | 1 D2kblog | 2026-06-16 | 10.0 HIGH | N/A |
| SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. | |||||
| CVE-2006-1122 | 1 D2ksoft | 1 D2kblog | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2006-1121 | 1 Cutephp | 1 Cutenews | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. | |||||