Total
363386 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2442 | 1 Kphone | 1 Kphone | 2026-06-16 | 4.6 MEDIUM | N/A |
| kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | |||||
| CVE-2006-2441 | 1 Pioneers | 1 Pioneers Meta-server | 2026-06-16 | 5.0 MEDIUM | N/A |
| Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | |||||
| CVE-2006-2440 | 1 Imagemagick | 1 Imagemagick | 2026-06-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function. | |||||
| CVE-2006-2439 | 1 Zipcentral | 1 Zipcentral | 2026-06-16 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename. | |||||
| CVE-2006-2438 | 1 Caucho Technology | 1 Resin | 2026-06-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to read arbitrary files under other web roots via the contextpath parameter. NOTE: this issue can produce resultant path disclosure when the parameter is invalid. | |||||
| CVE-2006-2437 | 1 Caucho Technology | 1 Resin | 2026-06-16 | 5.0 MEDIUM | N/A |
| The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for file under the web root via the file parameter. | |||||
| CVE-2006-2436 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 7.5 HIGH | N/A |
| WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges. | |||||
| CVE-2006-2435 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] may allow unintended execution of scripts." | |||||
| CVE-2006-2434 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in WebSphere 5.1.1 (or any earlier cumulative fix) Common Configuration Mode + CommonArchive and J2EE Models might allow attackers to obtain sensitive information via the trace. | |||||
| CVE-2006-2433 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and attack vectors related to the "administrative console". | |||||
| CVE-2006-2432 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 7.5 HIGH | N/A |
| IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) and 5.1.1 (or any earlier cumulative fix) allows EJB access on Solaris systems via a crafted LTPA token. | |||||
| CVE-2006-2431 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. | |||||
| CVE-2006-2430 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 10.0 HIGH | N/A |
| IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges. | |||||
| CVE-2006-2429 | 1 Ibm | 1 Websphere Application Server | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers". | |||||
| CVE-2006-2428 | 1 Duware Dubanner Project | 1 Duware Dubanner | 2026-06-16 | 7.5 HIGH | N/A |
| add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be bypassed. NOTE: some of these details are obtained from third party information, since the raw source is vague. | |||||
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2026-06-16 | 7.2 HIGH | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | |||||
| CVE-2006-2426 | 1 Sun | 3 Jdk, Jre, Sdk | 2026-06-16 | 6.4 MEDIUM | N/A |
| Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory. | |||||
| CVE-2006-2425 | 1 Phpremoteview | 1 Phpremoteview | 2026-06-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields. | |||||
| CVE-2006-2424 | 1 Ezusermanager | 1 Ezusermanager | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php. | |||||
| CVE-2006-2423 | 1 Swsoft | 1 Confixx | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||||
