Vulnerabilities (CVE)

Total 363018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2371 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-06-16 7.5 HIGH N/A
Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
CVE-2006-2370 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-06-16 7.5 HIGH N/A
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
CVE-2006-2369 1 Vnc 1 Realvnc 2026-06-16 7.5 HIGH N/A
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2006-2368 1 Clansys 1 Clansys 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2006-2367 1 Clansys 1 Clansys 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function.
CVE-2006-2366 1 Openobex 1 Openobex 2026-06-16 2.6 LOW N/A
ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r option, does not prompt the user when overwriting files, which allows user-assisted remote attackers to overwrite dangerous files via an arbitrary destination file name in an OBEX File Transfer session.
CVE-2006-2365 1 Vizra 1 Vizra 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in a_login.php in Vizra allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-2364 1 Macromedia 1 Coldfusion 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the validation feature in Macromedia ColdFusion 5 and earlier allows remote attackers to inject arbitrary web script or HTML via a "_required" field when the associated normal field is missing or empty, which is not sanitized before being presented in an error message.
CVE-2006-2363 1 Limbo Cms 1 Limbo Cms 2026-06-16 5.1 MEDIUM N/A
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-2362 1 Gnu 1 Binutils 2026-06-16 7.5 HIGH 7.3 HIGH
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
CVE-2006-2361 2 Mxbb, Php Arena 2 Mxbb Portal, Pafiledb 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in pafiledb_constants.php in Download Manager (mxBB pafiledb) integration, as used with phpBB, allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
CVE-2006-2360 1 Phpbb Group 1 Phpbb 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2359 1 Phpbb Group 1 Phpbb 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in charts.php in the Chart mod for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2358 1 Web-labs 1 Web-labs Cms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2357 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain source code for scripts via a trailing dot in a request to NmConsole/Login.asp.
CVE-2006-2356 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to obtain sensitive information about network nodes via a modified nDeviceGroupID parameter.
CVE-2006-2355 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium allows remote attackers to obtain full path information via 404 error messages. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2354 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional 2006 Premium generates different error messages in a way that allows remote attackers to enumerate valid usernames. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2353 1 Ipswitch 1 Whatsup Professional 2026-06-16 5.0 MEDIUM N/A
NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allows remote attackers to redirect users to other websites via the (1) sCancelURL and possibly (2) sRedirectUrl parameters.
CVE-2006-2352 1 Ipswitch 1 Whatsup Professional 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.