Vulnerabilities (CVE)

Total 363383 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2524 1 Usebb 1 Usebb 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format.
CVE-2006-2523 1 Smartisoft 1 Phplistpro 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
CVE-2006-2522 1 Dayfox Designs 1 Dayfox Blog 2026-06-16 7.5 HIGH N/A
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
CVE-2006-2521 1 Accomplishtechnology 1 Phpmydirectory 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
CVE-2006-2520 1 Bitberry Software 1 Bitzipper 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. (dot dot) in the filename of a file that is stored in a (1) RAR (.rar), (2) TAR (.tar), (3) ZIP (.zip), (4) GZ (.gz), or (5) JAR (.jar) archive.
CVE-2006-2519 1 Phpwcms 1 Phpwcms 2026-06-16 2.6 LOW N/A
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
CVE-2006-2518 1 Phpwcms 1 Phpwcms 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
CVE-2006-2517 1 Fujitsu 1 Myweb Portal Office 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2516 1 Xoops 1 Xoops 2026-06-16 5.1 MEDIUM N/A
mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file.
CVE-2006-2515 1 Hiox India 1 Guest Book 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook.
CVE-2006-2514 1 Coppermine 1 Coppermine Photo Gallery 2026-06-16 7.5 HIGH N/A
Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.
CVE-2006-2513 1 Sun 1 Java System Directory Server 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
CVE-2006-2512 1 Hitachi 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more 2026-06-16 6.5 MEDIUM N/A
SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2511 1 Frontrange 1 Iheat 2026-06-16 6.5 MEDIUM N/A
The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog.
CVE-2006-2510 1 Yourfreeworld 1 Short Url And Url Tracker Script 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs.
CVE-2006-2509 1 Yourfreeworld 1 Short Url And Url Tracker Script 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2508 1 Yourfreeworld 1 Stylish Text Ads Script 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.
CVE-2006-2507 1 Teake Nutma 1 Foing 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php.
CVE-2006-2506 1 Sphider 1 Sphider 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter.
CVE-2006-2505 1 Oracle 1 Database Server 2026-06-16 3.6 LOW N/A
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.