Vulnerabilities (CVE)

Total 367067 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5719 1 Bytesfall Explorer 1 Bytesfall Explorer 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in libs/sessions.lib.php in BytesFall Explorer (bfExplorer) 0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, a different issue than CVE-2006-5606.
CVE-2006-5718 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data.
CVE-2006-5717 1 Zend 1 Zend Google Data Client Library Preview 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files.
CVE-2006-5716 1 Freenews 1 Freenews 2026-06-16 5.0 MEDIUM N/A
Directory traversal vulnerability in aff_news.php in FreeNews 2.1 allows remote attackers to include local files via a .. (dot dot) sequence in the chemin parameter, when the aff_news parameter is not set to "1."
CVE-2006-5715 1 Efs Software 1 Easy Address Book 2026-06-16 5.0 MEDIUM N/A
Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of an HTTP GET request, which accesses the alternate data stream.
CVE-2006-5714 1 Efs Software 1 Efs Web Server 2026-06-16 5.0 MEDIUM N/A
Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.
CVE-2006-5713 1 Efs Software 1 Efs Web Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-5712 1 Mirapoint 1 Mirapoint Webmail 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.
CVE-2006-5711 1 Eci Telecom 1 B-focus Wireless 802.11bg Adsl2\+ Router 2026-06-16 5.0 MEDIUM N/A
ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.
CVE-2006-5710 2 Apple, Opendarwin 2 Mac Os X, Darwin Kernel 2026-06-16 7.5 HIGH N/A
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.
CVE-2006-5709 1 Alt-n 1 Mdaemon 2026-06-16 10.0 HIGH N/A
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
CVE-2006-5708 1 Alt-n 1 Mdaemon 2026-06-16 5.0 MEDIUM 7.5 HIGH
Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks.
CVE-2006-5707 1 Phpeasydata Pro 1 Phpeasydata Pro 2026-06-16 7.5 HIGH N/A
SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-5706 1 Php 1 Php 2026-06-16 7.2 HIGH N/A
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVE-2006-5705 1 Wordpress 1 Wordpress 2026-06-16 6.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request.
CVE-2006-5704 1 Hp 1 Nonstop Server 2026-06-16 6.2 MEDIUM N/A
HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files.
CVE-2006-5703 1 Tiki 1 Tikiwiki Cms\/groupware 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
CVE-2006-5702 1 Tiki 1 Tikiwiki Cms\/groupware 2026-06-16 5.0 MEDIUM N/A
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
CVE-2006-5701 2 Linux, Redhat 2 Linux Kernel, Fedora Core 2026-06-16 4.9 MEDIUM N/A
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
CVE-2006-5681 1 Apple 2 Mac Os X, Mac Os X Server 2026-06-16 2.6 LOW N/A
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects.