Total
361769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1242 | 1 Linux | 1 Linux Kernel | 2026-06-16 | 5.0 MEDIUM | N/A |
| The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks. | |||||
| CVE-2006-1241 | 1 Firebirdsql | 1 Firebird | 2026-06-16 | 4.6 MEDIUM | N/A |
| Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities. | |||||
| CVE-2006-1240 | 1 Firebirdsql | 1 Firebird | 2026-06-16 | 4.6 MEDIUM | N/A |
| Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument. | |||||
| CVE-2006-1239 | 1 Countersoft | 1 Gemini | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in Gemini 2.0 allows remote attackers to inject arbitrary web script or HTML via the rtcDescription$RadEditor1 field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1238 | 1 Dsportal | 1 Dslogin | 2026-06-16 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php. | |||||
| CVE-2006-1237 | 1 Dsportal | 1 Dsnewsletter | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php. | |||||
| CVE-2006-1236 | 1 Crossfire | 1 Crossfire | 2026-06-16 | 7.5 HIGH | N/A |
| Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. | |||||
| CVE-2006-1235 | 1 David Ravenscroft | 1 Hithost | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir. | |||||
| CVE-2006-1234 | 1 Dsportal | 1 Dscounter | 2026-06-16 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | |||||
| CVE-2006-1233 | 1 Mikael Software | 1 Wmnews | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php. | |||||
| CVE-2006-1232 | 1 Dsportal | 1 Dsdownload | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | |||||
| CVE-2006-1231 | 1 Julian Pawlowski | 1 Capi4hylafax | 2026-06-16 | 1.2 LOW | N/A |
| CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file. | |||||
| CVE-2006-1230 | 1 Belchior Foundry | 1 Vcard | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. | |||||
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-1228 | 1 Drupal | 1 Drupal | 2026-06-16 | 5.1 MEDIUM | N/A |
| Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | |||||
| CVE-2006-1227 | 1 Drupal | 1 Drupal | 2026-06-16 | 4.6 MEDIUM | N/A |
| Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | |||||
| CVE-2006-1226 | 1 Drupal | 1 Drupal | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2006-1225 | 1 Drupal | 1 Drupal | 2026-06-16 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. | |||||
| CVE-2006-1224 | 1 Guppy | 1 Guppy | 2026-06-16 | 2.6 LOW | N/A |
| Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. | |||||
| CVE-2006-1223 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag. | |||||