Vulnerabilities (CVE)

Total 363278 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2499 1 Xfairguy 1 Codeavalanche News 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.
CVE-2006-2498 1 Invision Power Services 1 Invision Power Board 2026-06-16 6.4 MEDIUM N/A
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
CVE-2006-2497 1 Aspbb 1 Aspbb 2026-06-16 5.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp.
CVE-2006-2496 1 Novell 2 Edirectory, Imonitor 2026-06-16 10.0 HIGH N/A
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
CVE-2006-2495 1 S9y 1 Serendipity 2026-06-16 7.5 HIGH N/A
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag.
CVE-2006-2494 1 Lacaveprods 1 Intellitamper 2026-06-16 5.1 MEDIUM N/A
Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file.
CVE-2006-2492 1 Microsoft 2 Office, Works Suite 2026-06-16 7.6 HIGH 8.8 HIGH
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
CVE-2006-2491 2 Boastmachine, Kailash Nadh 2 Boastmachine, Boastmachine 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable.
CVE-2006-2490 1 Mobotix 1 Mobotix Ip Network Camera 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar.
CVE-2006-2489 1 Nagios 1 Nagios 2026-06-16 7.5 HIGH N/A
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162.
CVE-2006-2488 1 Spymac 1 Spymac Web Os 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php.
CVE-2006-2487 1 Scoznet 1 Scoznews 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue.
CVE-2006-2486 1 Yapbb 1 Yapbb 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter.
CVE-2006-2485 1 Quezza 1 Quezza Bb 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter.
CVE-2006-2484 1 Icewarp 1 Web Mail 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
CVE-2006-2483 1 Lighthouse Development 1 Squirrelcart 2026-06-16 6.4 MEDIUM N/A
PHP remote file inclusion vulnerability in cart_content.php in Squirrelcart 2.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cart_isp_root parameter.
CVE-2006-2482 2 Microchip Data Systems, Pentaware 4 Ziptv For C\+\+ Builder, Ziptv For Delphi 7, Pentasuite-pro and 1 more 2026-06-16 6.8 MEDIUM N/A
Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute arbitrary code via an ARJ archive with a long header. NOTE: the ACE archive vector is covered by CVE-2005-2856.
CVE-2006-2481 1 Vmware 1 Esx 2026-06-16 5.0 MEDIUM N/A
VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).
CVE-2006-2480 1 Dia 1 Dia 2026-06-16 5.1 MEDIUM N/A
Format string vulnerability in Dia 0.94 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename. NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms for input that are automatically processed by Dia, such as a crafted .dia file.
CVE-2006-2479 1 Bitrix 1 Bitrix Site Manager 2026-06-16 5.0 MEDIUM N/A
The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site.