Vulnerabilities (CVE)

Total 365230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3969 1 Joomla 1 Colophon 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in administrator/components/com_colophon/admin.colophon.php in Colophon 1.2 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3968 1 Sun 1 Solaris 2026-06-16 5.0 MEDIUM N/A
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
CVE-2006-3967 1 Moskool 1 Moskool 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3966 2 Carlos Sanchez Valle, Php Layers Menu 2 Mynewsgroups, Php Layers Menu 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
CVE-2006-3965 1 Banex 1 Banex 2026-06-16 5.0 MEDIUM N/A
Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.
CVE-2006-3964 1 Banex 1 Banex 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.
CVE-2006-3963 1 Banex 1 Banex 2026-06-16 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
CVE-2006-3962 1 Mambo 1 Bayesiannaivefilter 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3961 1 Mcafee 9 Antispyware, Internet Security Suite, Personal Firewall Plus and 6 more 2026-06-16 6.8 MEDIUM N/A
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
CVE-2006-3960 1 X-scripts 1 X-poll 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3959 1 X-scripts 1 X-statistics 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
CVE-2006-3958 1 Pkr Internet 1 Taskjitsu 2026-06-16 4.3 MEDIUM N/A
Multiple unspecified cross-site scripting (XSS) vulnerabilities in Taskjitsu 2.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the Search Tasks system, or authenticated users via (2) the Edit Task system, (3) the back-end Category Editor system, and (4) "Pages that display task status, email addresses, URL, customer, and project information."
CVE-2006-3957 1 Bosdev 1 Bosdates 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in payment.php in BosDev BosDates allows remote attackers to execute arbitrary PHP code via a URL in the insPath parameter.
CVE-2006-3956 1 Total Online Solutions 1 Advanced Webhost Billing System 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in Advanced Webhost Billing System (AWBS) 2.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) AccountUsername and (3) Message parameters.
CVE-2006-3955 1 Minibb 1 Minibb 2026-06-16 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) news.php, (2) search.php, or (3) whosOnline.php.
CVE-2006-3954 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.
CVE-2006-3953 1 Mybulletinboard 1 Mybulletinboard 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.
CVE-2006-3952 1 Efs Software 1 Efs Ftp Server 2026-06-16 7.5 HIGH N/A
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3951 1 Mam-moodle Alpha Component 1 Mam-moodle Alpha Component 2026-06-16 7.5 HIGH N/A
PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2006-3950 1 X-scripts 1 X-statistics 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.