Vulnerabilities (CVE)

Total 363821 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-2806 1 Apache 1 James 2026-06-16 7.8 HIGH N/A
The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command.
CVE-2006-2805 1 Jelsoft 1 Vbulletin 2026-06-16 5.0 MEDIUM N/A
SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.
CVE-2006-2804 1 Goss 1 Icm 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
CVE-2006-2803 1 Deltascripts 1 Php Manualmaker 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field.
CVE-2006-2802 1 Xine 2 Gxine, Xine-lib 2026-06-16 5.0 MEDIUM N/A
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
CVE-2006-2801 1 Unak 1 Unak Cms 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters.
CVE-2006-2800 1 Unak 1 Unak Cms 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection.
CVE-2006-2799 1 Toenda Software Development 1 Toendacms 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in content_footer.php in toendaCMS 0.7.0 allows remote attackers to inject arbitrary web scripts or HTML via the print_url variable. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.
CVE-2006-2798 1 Phpcommunitycalendar 1 Phpcommunitycalendar 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php.
CVE-2006-2797 1 Phpcommunitycalendar 1 Phpcommunitycalendar 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php.
CVE-2006-2796 1 New-place 1 Captivate 2026-06-16 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message.
CVE-2006-2795 1 Xiti 1 Xiti Tracking Script 2026-06-16 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2794 1 Aspsitem 1 Aspsitem 2026-06-16 7.8 HIGH N/A
Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.
CVE-2006-2793 1 Aspsitem 1 Aspsitem 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2006-2792 1 Woltlab 1 Burning Board 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2006-2791 1 Net Art Media 1 Iboutique.mall 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter.
CVE-2006-2790 1 Sun 1 Storage Automated Diagnostic Environment 2026-06-16 7.2 HIGH N/A
A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.
CVE-2006-2789 1 Gnome 1 Evolution 2026-06-16 2.6 LOW N/A
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used.
CVE-2006-2788 1 Mozilla 1 Firefox 2026-06-16 7.5 HIGH N/A
Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
CVE-2006-2787 1 Mozilla 2 Firefox, Thunderbird 2026-06-16 9.3 HIGH N/A
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.