Vulnerabilities (CVE)

Total 363452 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2605 1 Dschat 1 Dschat 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.
CVE-2006-2592 1 Dschat 1 Dschat 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2591 1 E107 1 E107 2026-06-16 5.0 MEDIUM N/A
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit".
CVE-2006-2590 1 E107 1 E107 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2006-2589 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. NOTE: it is not clear from the original report how this attack can succeed, since the demonstration URL uses a variable that is overwritten with static data in the extracted source code.
CVE-2006-2588 1 Russcom Network 1 Phpimages 2026-06-16 5.0 MEDIUM N/A
Russcom PHPImages allows remote attackers to upload files of arbitrary types by uploading a file with a .gif extension. NOTE: due to lack of specific information about attack vectors do not depend on the existence of another vulnerability, it is not clear whether this is a vulnerability.
CVE-2006-2587 1 Even Balance 1 Punkbuster 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in the WebTool HTTP server component in (1) PunkBuster before 1.229, as used by multiple products including (2) America's Army 1.228 and earlier, (3) Battlefield 1942 1.158 and earlier, (4) Battlefield 2 1.184 and earlier, (5) Battlefield Vietnam 1.150 and earlier, (6) Call of Duty 1.173 and earlier, (7) Call of Duty 2 1.108 and earlier, (8) DOOM 3 1.159 and earlier, (9) Enemy Territory 1.167 and earlier, (10) Far Cry 1.150 and earlier, (11) F.E.A.R. 1.093 and earlier, (12) Joint Operations 1.187 and earlier, (13) Quake III Arena 1.150 and earlier, (14) Quake 4 1.181 and earlier, (15) Rainbow Six 3: Raven Shield 1.169 and earlier, (16) Rainbow Six 4: Lockdown 1.093 and earlier, (17) Return to Castle Wolfenstein 1.175 and earlier, and (18) Soldier of Fortune II 1.183 and earlier allows remote attackers to cause a denial of service (application crash) via a long webkey parameter.
CVE-2006-2586 1 Iplogger 1 Iplogger 2026-06-16 5.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request.
CVE-2006-2585 1 Greg Donald 1 Destiney Links Script 2026-06-16 6.4 MEDIUM N/A
SQL injection vulnerability in Destiney Links Script 2.1.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2584 1 Skyebox 1 Skyebox 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox."
CVE-2006-2583 1 Nucleus Group 1 Nucleus Cms 2026-06-16 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in nucleus/libs/PLUGINADMIN.php in Nucleus 3.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[DIR_LIBS] parameter.
CVE-2006-2582 1 Rwiki 1 Rwiki 2026-06-16 7.5 HIGH N/A
The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors.
CVE-2006-2581 1 Rwiki 1 Rwiki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Wiki content in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-2580 1 Hp 1 Openview Network Node Manager 2026-06-16 7.5 HIGH N/A
Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.
CVE-2006-2579 1 Hp 1 Openview Storage Data Protector 2026-06-16 7.5 HIGH N/A
Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2006-2578 1 Esyndicat 1 Esyndicat Directory 2026-06-16 5.1 MEDIUM N/A
admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.
CVE-2006-2577 1 Docebo 1 Docebo 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2576 1 Docebo 1 Docebo 2026-06-16 5.1 MEDIUM N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) GLOBALS[where_framework] to (a) lib.simplesel.php, (b) lib.filelist.php, (c) tree.documents.php, (d) lib.repo.php, and (e) lib.php, and (2) GLOBALS[where_scs] to (f) lib.teleskill.php. NOTE: this issue might be resultant from a global overwrite vulnerability.
CVE-2006-2575 1 Pyrosoft Inc 1 Netpanzer 2026-06-16 5.0 MEDIUM N/A
The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error.
CVE-2006-2574 1 Hp 1 Hp-ux 2026-06-16 7.2 HIGH N/A
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.