Vulnerabilities (CVE)

Total 363018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2351 1 Ipswitch 1 Whatsup Professional 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via the (1) sDeviceView or (2) nDeviceID parameter to (a) NmConsole/Navigation.asp or (3) sHostname parameter to (b) NmConsole/ToolResults.asp.
CVE-2006-2349 1 Oasyssoft 1 E-business Designer 2026-06-16 6.8 MEDIUM N/A
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.upload.html, (2) common/html_editor/image_browser.html, or (3) common/html_editor/html_editor.html. NOTE: this can also be used for cross-site scripting (XSS) attacks by uploading cascading style sheet (.CSS) files.
CVE-2006-2348 1 Oasyssoft 1 E-business Designer 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2347 1 Oasyssoft 1 E-business Designer 2026-06-16 5.0 MEDIUM N/A
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2346 1 Inter7 1 Vpopmail \(vchkpw\) 2026-06-16 7.5 HIGH N/A
vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows remote attackers to authenticate to an account that does not have a cleartext password set by using a blank password to (1) SMTP AUTH or (2) APOP.
CVE-2006-2345 1 Roostercode Ajax Softwares 1 Alipager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in inc/elementz.php in AliPAGER 1.5 allows remote attackers to inject arbitrary web script or HTML via the ubild parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2344 1 Ajax Softwares 1 Alipager 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter.
CVE-2006-2343 1 Adventnet 1 Manageengine Opmanager 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2342 1 Ibm 1 Websphere Application Server 2026-06-16 7.5 HIGH N/A
IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root.
CVE-2006-2341 1 Symantec 2 Enterprise Firewall, Gateway Security 2026-06-16 5.0 MEDIUM N/A
The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI.
CVE-2006-2340 1 Lethal Penguin 2 Passmasterflex, Passmasterflexplus 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log.
CVE-2006-2339 1 Evo-dev 2 Evotopsites, Evotopsites Pro 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters.
CVE-2006-2338 1 Planet Concept 1 Planetstat 2026-06-16 7.5 HIGH N/A
PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page.
CVE-2006-2337 1 D-link 1 Dsl-g604t 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
CVE-2006-2336 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
CVE-2006-2335 1 Jelsoft 1 Vbulletin 2026-06-16 6.5 MEDIUM N/A
Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. NOTE: the vendor was unable to reproduce this issue in 3.5.x. NOTE: this issue might be due to direct static code injection.
CVE-2006-2334 1 Microsoft 2 Windows 2000, Windows Xp 2026-06-16 2.1 LOW N/A
The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
CVE-2006-2333 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 6.4 MEDIUM N/A
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
CVE-2006-2332 1 Mozilla 1 Firefox 2026-06-16 2.6 LOW N/A
Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of service via a web page with a large number of IMG elements in which the SRC attribute is a mailto URI. NOTE: another researcher found that the web page caused a temporary browser slowdown instead of a crash.
CVE-2006-2331 1 Php Fusion 1 Php Fusion 2026-06-16 6.4 MEDIUM N/A
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.